From 7e37f1c0e959ee6f98f999be758a238ff7a66aae Mon Sep 17 00:00:00 2001 
From: Michael Wolf Date: Thu, 15 Aug 2024 13:31:24 -0700 Subject: [PATCH] [panw] Update `event.created` field to follow ECS spec (#10731) The [ECS spec states](https://www.elastic.co/guide/en/ecs/current/ecs-event.html#field-event-created) `event.created` should be the time the event is first seen by the agent or ingested. The panw integration was not following this and was instead setting it to the PANOS event timestamp. This corrects the integration so that it follows ECS properly. These field changes have been made: * `event.created` is set from filebeat's initial timestamp (before modification by the syslog processor or ingest pipeline). * `panw.panos.received_time` is now defined as the PANOS log timestamp (it is the same value that was previously in `event.created`) * `panw.panos.generated_time` is added to hold the PANOS generated time * `@timestamp` now holds the `panw.panos.high_resolution_timestamp` value, or if it isn't available `panw.panos.received_time` This is also a major version upgrade, because of these changed field definitions.
---
packages/panw/changelog.yml | 5 + ...-panw-panos-audit-sample.log-expected.json | 12 +- ...os-authentication-sample.log-expected.json | 1 - ...panw-panos-config-sample.log-expected.json | 18 +- ...correlated-events-sample.log-expected.json | 1 - ...-panos-decryption-sample.log-expected.json | 9 +- ...nos-globalprotect-sample.log-expected.json | 50 +- ...st-panw-panos-gtp-sample.log-expected.json | 1 - ...nw-panos-hipmatch-sample.log-expected.json | 8 +- ...w-panos-inc-other-sample.log-expected.json | 173 +++-- ...-panos-inc-threat-sample.log-expected.json | 308 +++------ ...panos-inc-traffic-sample.log-expected.json | 500 ++++++++------ ...-panw-panos-inc-traffic.json-expected.json | 9 +- ...panw-panos-ip-tag-sample.log-expected.json | 3 +- ...t-panw-panos-sctp-sample.log-expected.json | 1 - ...panw-panos-system-sample.log-expected.json | 15 +- ...panw-panos-threat-sample.log-expected.json | 624 ++++++++++++------ ...t-panw-panos-time-sample.log-expected.json | 6 +- ...anw-panos-traffic-sample.log-expected.json | 206 ------ ...tunnel-inspection-sample.log-expected.json | 3 +- ...panw-panos-userid-sample.log-expected.json | 17 - .../panos/agent/stream/logfile.yml.hbs | 4 + .../panos/agent/stream/tcp.yml.hbs | 4 +- .../panos/agent/stream/udp.yml.hbs | 4 +- .../elasticsearch/ingest_pipeline/audit.yml | 7 - .../elasticsearch/ingest_pipeline/default.yml | 39 +- .../elasticsearch/ingest_pipeline/userid.yml | 4 - .../panw/data_stream/panos/sample_event.json | 22 +- packages/panw/docs/README.md | 22 +- packages/panw/manifest.yml | 2 +- 30 files changed, 1060 insertions(+), 1018 deletions(-)
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
index 4d8b34857c0..fd2b85b1699 100644
--- a/packages/panw/changelog.yml
+++ b/packages/panw/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "4.0.0" + changes: + - description: Correct use of ECS event.created field + type: breaking-change + link: https://github.com/elastic/integrations/pull/10731 - version: "3.26.4" changes: - description: Use high-res timestamp for @timestamp and ensure time zone config is applied. diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-audit-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-audit-sample.log-expected.json index e63b30b6d60..e4d4034822e 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-audit-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-audit-sample.log-expected.json @@ -1,7 +1,6 @@ { "expected": [ { - "@timestamp": "2024-04-11T20:06:15.000-04:00", "ecs": { "version": "8.11.0" }, @@ -9,7 +8,6 @@ "category": [ "configuration" ], - "created": "2024-04-11T16:06:15.000-04:00", "kind": "event", "original": "Apr 11 20:06:15 192.168.0.1 01111111111,2024/04/11 20:06:15,audit,2561,gui-op,suser,\"\",success", "outcome": "success", @@ -28,6 +26,7 @@ "cmd": "", "cmd_source": "gui-op", "config_version": "2561", + "generated_time": "2024-04-11T20:06:15.000-04:00", "type": "AUDIT" } }, @@ -44,7 +43,6 @@ } }, { - "@timestamp": "2024-04-18T18:35:20.000-04:00", "ecs": { "version": "8.11.0" }, @@ -52,7 +50,6 @@ "category": [ "configuration" ], - "created": "2024-04-18T14:35:20.000-04:00", "kind": "event", "original": "Apr 18 18:35:20 10.1.1.1 003001000000,2024/04/18 18:35:20,audit,2561,gui-op,Mustang,\"all\",success", "outcome": "success", @@ -71,6 +68,7 @@ "cmd": "all", "cmd_source": "gui-op", "config_version": "2561", + "generated_time": "2024-04-18T18:35:20.000-04:00", "type": "AUDIT" } }, @@ -87,7 +85,6 @@ } }, { - "@timestamp": "2024-04-18T18:36:20.000-04:00", "ecs": { "version": "8.11.0" }, 
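Review bot: After the `@@ -1,7 +1,6 @@` audit hunk the expected document has no `@timestamp` at all — the old value is removed and, unlike the config, decryption and GlobalProtect fixtures, the later audit hunks add only `generated_time` with no `received_time`, so nothing replaces it. If the fixture reflects the pipeline (audit.yml is not in this chunk), audit events will carry Filebeat's read time as `@timestamp` in production while the device time survives only in `panw.panos.generated_time`, which places configuration-change events at ingest time rather than event time on an investigation timeline and contradicts the description's statement that `@timestamp` falls back to `received_time`. Either set `@timestamp` from `panw.panos.generated_time` for the AUDIT type, or state the exception in the README, and regenerate this fixture so the expected document shows the chosen value. The same pattern repeats in the `@@ -44,7 +43,6 @@`, `@@ -87,7 +85,6 @@` and `@@ -130,7 +127,6 @@` audit hunks.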
@@ -95,7 +92,6 @@ "category": [ "configuration" ], - "created": "2024-04-18T14:36:20.000-04:00", "kind": "event", "original": "Apr 18 18:36:20 test-hostname 003001000000,2024/04/18 18:36:20,audit,2561,gui-op,Mustang,\"all\",success", "outcome": "success", @@ -114,6 +110,7 @@ "cmd": "all", "cmd_source": "gui-op", "config_version": "2561", + "generated_time": "2024-04-18T18:36:20.000-04:00", "type": "AUDIT" } }, @@ -130,7 +127,6 @@ } }, { - "@timestamp": "2024-04-18T18:37:20.000-04:00", "ecs": { "version": "8.11.0" }, @@ -138,7 +134,6 @@ "category": [ "configuration" ], - "created": "2024-04-18T14:37:20.000-04:00", "kind": "event", "original": "Apr 18 18:37:20 test-hostname.test.intra 003001000000,2024/04/18 18:37:20,audit,2561,gui-op,Mustang,\"all\",success", "outcome": "success", @@ -157,6 +152,7 @@ "cmd": "all", "cmd_source": "gui-op", "config_version": "2561", + "generated_time": "2024-04-18T18:37:20.000-04:00", "type": "AUDIT" } }, diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json index 21b85959d66..d7e03f165a4 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json 
@@ -9,7 +9,6 @@ "category": [ "authentication" ], - "created": "2019-11-23T00:44:44.000-04:30", "kind": "event", "original": "1,2019/11/23 00:44:44,01234567890,AUTHENTICATION,login,2561,2019/11/23 00:44:44,vsys1,fe80::4e7:1ab2:f6aa:82fa,user,normalize-user,object,auth-policy,12345,auth-id,vendor,log-action,server-profile,description,client-type,event-type,10,20,action-flag,0,0,0,0,vsys-name,device-name,vsys-id,auth-protocol,uuid,2021-11-23T01:03:05.498-08:00,src-category,src-profile,src-model,src-vendor,src-os-family,src-os-version,src-hostname,aa:aa:aa:aa:aa:aa,region,,\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36\",session-id", "outcome": "success", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json index 3a040755f3b..8ae535e64aa 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json @@ -10,7 +10,6 @@ "category": [ "configuration" ], - "created": "2021-10-25T20:25:39.000-04:00", "kind": "event", "original": "1,2021/10/25 20:25:39,,CONFIG,0,2561,2021/10/25 20:25:39,81.2.69.193,,set,admin,Web,Succeeded, config shared log-settings iptag match-list ip-tag,,\"iptag { match-list { ip-tag { send-syslog [ SYSLOG-1 ]; filter \"\"All Logs\"\"; } } } \",1234567890,0x0,0,0,0,0,,PA-VM,0,", "outcome": "success", @@ -40,7 +39,9 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "device_group_id": "0", + "generated_time": "2021-10-25T20:25:39.000-04:00", "path": "config shared log-settings iptag match-list ip-tag", + "received_time": "2021-10-25T20:25:39.000-04:00", "result": "Succeeded", "sequence_number": "1234567890", "sub_type": "0", 
@@ -72,7 +73,6 @@ "category": [ "configuration" ], - "created": "2021-10-25T20:25:19.000-04:00", "kind": "event", "original": "1,2021/10/25 20:25:19,,CONFIG,0,2561,2021/10/25 20:25:19,81.2.69.193,,set,admin,Web,Succeeded, config shared log-settings globalprotect match-list globalProtect,,\"globalprotect { match-list { globalProtect { send-syslog [ SYSLOG-1 ]; filter \"\"All Logs\"\"; } } } \",1234567890,0x0,0,0,0,0,,PA-VM,0,", "outcome": "success", @@ -102,7 +102,9 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "device_group_id": "0", + "generated_time": "2021-10-25T20:25:19.000-04:00", "path": "config shared log-settings globalprotect match-list globalProtect", + "received_time": "2021-10-25T20:25:19.000-04:00", "result": "Succeeded", "sequence_number": "1234567890", "sub_type": "0", @@ -134,7 +136,6 @@ "category": [ "configuration" ], - "created": "2023-10-04T08:52:10.000-04:00", "kind": "event", "original": "1,2023/10/04 08:52:10,007058000248010,CONFIG,0,2816,2023/10/04 08:52:10,81.2.69.193,,set,admin,Web,Succeeded, vsys vsys1 rulebase security rules reset-adult,,reset-adult 73a06abf-75ca-436f-9319-1a15b27fa692 { to [ public ]; from [ private ]; source [ any ]; destination [ any ]; source-user [ any ]; category [ adult ]; application [ any ]; service [ application-default ]; source-hip [ any ]; destination-hip [ any ]; action reset-client; icmp-unreachable yes; log-start yes; rule-type interzone; } ,7286123782408765488,0x0,0,0,0,0,,PA-VM,0,", "outcome": "success", @@ -165,7 +166,9 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "device_group_id": "0", + "generated_time": "2023-10-04T08:52:10.000-04:00", "path": "vsys vsys1 rulebase security rules reset-adult", + "received_time": "2023-10-04T08:52:10.000-04:00", "result": "Succeeded", "sequence_number": "7286123782408765488", "sub_type": "0", 
@@ -197,7 +200,6 @@ "category": [ "configuration" ], - "created": "2023-10-04T08:50:28.000-04:00", "kind": "event", "original": "1,2023/10/04 08:50:28,007058000248010,CONFIG,0,2816,2023/10/04 08:50:28,81.2.69.193,,move,admin,Web,Succeeded, vsys vsys1 rulebase security rules block-1.1.1.1,,,7286123782408765487,0x0,0,0,0,0,,PA-VM,0,", "outcome": "success", @@ -227,7 +229,9 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "device_group_id": "0", + "generated_time": "2023-10-04T08:50:28.000-04:00", "path": "vsys vsys1 rulebase security rules block-1.1.1.1", + "received_time": "2023-10-04T08:50:28.000-04:00", "result": "Succeeded", "sequence_number": "7286123782408765487", "sub_type": "0", @@ -258,7 +262,6 @@ "category": [ "configuration" ], - "created": "2023-10-04T08:27:38.000-04:00", "kind": "event", "original": "1,2023/10/04 08:27:38,007058000248010,CONFIG,0,2816,2023/10/04 08:27:38,81.2.69.193,,override,admin,Web,Failed, deviceconfig system device-telemetry,,,7286123782408765440,0x0,0,0,0,0,,PA-VM,0,", "outcome": "failure", @@ -288,7 +291,9 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "device_group_id": "0", + "generated_time": "2023-10-04T08:27:38.000-04:00", "path": "deviceconfig system device-telemetry", + "received_time": "2023-10-04T08:27:38.000-04:00", "result": "Failed", "sequence_number": "7286123782408765440", "sub_type": "0", @@ -320,7 +325,6 @@ "category": [ "configuration" ], - "created": "2024-02-29T16:59:40.000-04:00", "kind": "event", "original": "1,2024/02/29 16:59:40,01234567890,CONFIG,0,2561,2024/02/29 16:59:40,81.2.69.193,,edit,admin,Web,Succeeded, vsys vsys1 address test123,\"test123 { description \"\"this, is a test. with, three comma, x4\"\"; } \",\"test123 { description \"\"this, is a test. with, three comma, x5\"\"; } \",7304387121517691189,0x0,0,0,0,0,,PA-VM,0,,0,2024-02-29T16:59:40.421+01:00", "outcome": "success", 
@@ -352,8 +356,10 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "device_group_id": "0", + "generated_time": "2024-02-29T16:59:40.000-04:00", "high_resolution_timestamp": "2024-02-29T11:59:40.421-04:00", "path": "vsys vsys1 address test123", + "received_time": "2024-02-29T16:59:40.000-04:00", "result": "Succeeded", "sequence_number": "7304387121517691189", "sub_type": "0", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json index df3ca8b05d6..73eafeda1c7 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json @@ -9,7 +9,6 @@ "category": [ "network" ], - "created": "2019-10-09T10:20:15.000-02:30", "kind": "event", "original": "Nov 30 16:09:08 1,2019/10/09 10:20:15,001234567890002,CORRELATION,0,2304,2019/10/09 10:20:15,81.2.69.142,src-user,vsys,cat,4,0,0,0,0,vsys-name,d-name,vsys-id,o-name,o-id,evidence", "outcome": "success", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json index 0c3e0a47f1e..b44cbf03ccc 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json 
@@ -29,7 +29,6 @@ "category": [ "network" ], - "created": "2021-11-11T15:42:44.000-08:00", "kind": "event", "original": "<14>Nov 30 16:09:33 PA-220 1,2021/11/11 15:42:44,007051000184334,DECRYPTION,0,2561,2021/11/11 15:42:44,81.2.69.145,81.2.69.144,81.2.69.145,81.2.69.144,intrazone-default,,,incomplete,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,,2021/11/11 15:42:44,33288,1,49908,443,49908,20077,0x1400000,tcp,allow,N/A,,,,,731a6a1a-9a62-4a92-a49a-0876025a9436,Server_Hello,Client_Hello,TLS1.2,ECDHE,AES_256_GCM,SHA384,,,Certificate,trusted,Trusted,GlobalProtect,ba67e84495b59512,a6a13e87221733b712ddbd0978da1ffdd69503dfd1f0a86f73d86bf90b743b85,2021/11/11 15:21:28,2022/11/11 15:21:28,V3,2048,9,9,0,0,:::::RSA,com.example.com,com.example.com,,,Received fatal alert CertificateUnknown from client,,,,,,,,2021-11-11T15:42:44.845-08:00,,,,,,,,,,,,,,,,,7028724914890736000,0x0,0,0,0,0,,PA-VM,1,unknown,unknown,unknown,1,,,incomplete,no", "outcome": "failure", @@ -94,6 +93,7 @@ "device_group_hierarchy4": "0", "error_message": "Received fatal alert CertificateUnknown from client", "flow_id": "33288", + "generated_time": "2021-11-11T15:42:44.000-08:00", "high_resolution_timestamp": "2021-11-11T15:42:44.845-08:00", "hs_stage_c2f": "Server_Hello", "hs_stage_f2s": "Client_Hello", @@ -107,6 +107,7 @@ } }, "proxy_type": "GlobalProtect", + "received_time": "2021-11-11T15:42:44.000-08:00", "repeat_count": 1, "root_certificate_status": "trusted", "root_common_name": { 
@@ -228,7 +229,6 @@ "category": [ "network" ], - "created": "2021-11-11T15:42:44.000-08:00", "kind": "event", "original": "<134>1 2022-11-03T13:40:34+01:00 PA-220 1,2021/11/11 15:42:44,007051000184334,DECRYPTION,0,2561,2021/11/11 15:42:44,81.2.69.145,81.2.69.144,81.2.69.145,81.2.69.144,intrazone-default,,,incomplete,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,,2021/11/11 15:42:44,33288,1,49908,443,49908,20077,0x1400000,tcp,allow,N/A,,,,,731a6a1a-9a62-4a92-a49a-0876025a9436,Server_Hello,Client_Hello,TLS1.2,ECDHE,AES_256_GCM,SHA384,,,Certificate,trusted,Trusted,GlobalProtect,ba67e84495b59512,a6a13e87221733b712ddbd0978da1ffdd69503dfd1f0a86f73d86bf90b743b85,2021/11/11 15:21:28,2022/11/11 15:21:28,V3,Unknown,9,9,0,0,:::::RSA,com.example.com,com.example.com,,,Received fatal alert CertificateUnknown from client,,,,,,,,2021-11-11T15:42:44.845-08:00,,,,,,,,,,,,,,,,,7028724914890736000,0x0,0,0,0,0,,PA-VM,1,unknown,unknown,unknown,1,,,incomplete,no", "outcome": "failure", @@ -294,6 +294,7 @@ "device_group_hierarchy4": "0", "error_message": "Received fatal alert CertificateUnknown from client", "flow_id": "33288", + "generated_time": "2021-11-11T15:42:44.000-08:00", "high_resolution_timestamp": "2021-11-11T15:42:44.845-08:00", "hs_stage_c2f": "Server_Hello", "hs_stage_f2s": "Client_Hello", @@ -307,6 +308,7 @@ } }, "proxy_type": "GlobalProtect", + "received_time": "2021-11-11T15:42:44.000-08:00", "repeat_count": 1, "root_certificate_status": "trusted", "root_common_name": { 
@@ -427,7 +429,6 @@ "category": [ "network" ], - "created": "2024-05-30T15:42:44.000-08:00", "kind": "event", "original": "<14>Nov 30 16:09:33 PA-220 1,2024/05/30 15:42:44,007051000184334,DECRYPTION,0,2561,2024/05/30 15:42:44,81.2.69.145,81.2.69.144,81.2.69.145,81.2.69.144,intrazone-default,,,ssl,vsys1,LAN,PROXY,ae1,ethernet1/5,TEST-Log,2024/05/30 15:46:50,35508943,1,60312,9400,0,0,0x400,tcp,allow,N/A,,,,,731a6a1a-9a62-4a92-a49a-0876025a9436,Unknown,Unknown,TLS1.3,ECDHE,AES_256_GCM,SHA384,SSL Exception Destination Hosts,,None,uninspected,Uninspected,No Decrypt,,,,,V1,0,0,0,0,0,:::::NONE,,,,,,,,,,,,,2024-05-27T15:46:51.539+02:00,,,,,,,,,,,,,,,,,7335860982980205586,0x8000000000000000,12,0,0,0,,TESTFW01,1,encrypted-tunnel,networking,browser-based,4,\\\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\\\",,ssl,no,no", "outcome": "failure", @@ -485,6 +486,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "35508943", + "generated_time": "2024-05-30T15:42:44.000-08:00", "high_resolution_timestamp": "2024-05-27T05:46:51.539-08:00", "hs_stage_c2f": "Unknown", "hs_stage_f2s": "Unknown", @@ -497,6 +499,7 @@ "name": "SSL Exception Destination Hosts" }, "proxy_type": "No Decrypt", + "received_time": "2024-05-30T15:42:44.000-08:00", "repeat_count": 1, "root_certificate_status": "uninspected", "root_common_name": { diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json index a49695f1fc0..f7a5e78c512 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json 
@@ -10,7 +10,6 @@ "network" ], "code": "portal-prelogin", - "created": "2021-03-24T11:30:00.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/24 11:30:00,013101001305,GLOBALPROTECT,0,2305,2021/03/24 11:30:00,vsys1,portal-prelogin,before-login,,,,BE,,216.160.83.57,0.0.0.0,81.2.69.193,0.0.0.0,09300aaa-23-4900-8aa9-32695452aa,,5.2.4,OS,\"OS 10 Pro , 64-bit\",1,,,\"\",success,,0,,0,GlobalProtect Portal,69200719497738,0x0", @@ -42,7 +41,9 @@ "action_flags": "0x0", "client_ver": "5.2.4", "error_code": 0, + "generated_time": "2021-03-24T11:30:00.000-05:00", "portal": "GlobalProtect Portal", + "received_time": "2021-03-24T11:30:00.000-05:00", "repeat_count": 1, "sequence_number": "69200719497738", "stage": "before-login", @@ -93,7 +94,6 @@ "network" ], "code": "gateway-config-release", - "created": "2021-03-24T11:29:49.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/24 11:29:49,013101001308,GLOBALPROTECT,0,2305,2021/03/24 11:29:49,vsys1,gateway-config-release,configuration,,,domain\\user,BE,CP935,89.160.20.112,0.0.0.0,10.20.13.217,0.0.0.0,e0957c11-93-437a-9e23-9f0c24059898,5J9VN53,5.2.4,OS,\"OS 10 Pro , 64-bit\",1,,,\"\",success,,0,,0,GlobalProtect_GW,6919501582016786,0x0", @@ -126,7 +126,9 @@ "action_flags": "0x0", "client_ver": "5.2.4", "error_code": 0, + "generated_time": "2021-03-24T11:29:49.000-05:00", "portal": "GlobalProtect_GW", + "received_time": "2021-03-24T11:29:49.000-05:00", "repeat_count": 1, "sequence_number": "6919501582016786", "serial_number": "5J9VN53", 
@@ -195,7 +197,6 @@ "network" ], "code": "gateway-hip-check", - "created": "2021-04-07T17:41:30.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/07 17:41:30,013101305,GLOBALPROTECT,0,2305,2021/04/07 17:41:30,vsys1,gateway-hip-check,host-info,,,domain\\user1,,HOST82878,1.128.3.4,0.0.0.0,67.43.156.14,0.0.0.0,523e8b-7efa-4397-a4d5-824dfa4d8a,F1SM2,5.2.4,,\"\",1,,,\"HIP report is not needed\",success,,0,,0,GlobalProtect_GW,6920071768563516860,0x0", @@ -225,7 +226,9 @@ "client_ver": "5.2.4", "description": "HIP report is not needed", "error_code": 0, + "generated_time": "2021-04-07T17:41:30.000-05:00", "portal": "GlobalProtect_GW", + "received_time": "2021-04-07T17:41:30.000-05:00", "repeat_count": 1, "sequence_number": "6920071768563516860", "serial_number": "F1SM2", @@ -287,7 +290,6 @@ "network" ], "code": "gateway-getconfig", - "created": "2021-04-07T17:41:29.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/07 17:41:29,013101308,GLOBALPROTECT,0,2305,2021/04/07 17:41:29,vsys1,gateway-getconfig,configuration,,IPSec,pre-logon,BE,HOST73486,81.2.69.193,0.0.0.0,89.160.20.112,0.0.0.0,7d01b5-f538-4fa3-a2a2-83980d1325,5C261FNR,5.2.4,OS,\"OS 10 Pro , 64-bit\",1,,,\"Config name: , Client region: BE.\",success,,0,,0,GlobalProtect_GW,6944137135219737,0x0", @@ -321,7 +323,9 @@ "client_ver": "5.2.4", "description": "Config name: , Client region: BE.", "error_code": 0, + "generated_time": "2021-04-07T17:41:29.000-05:00", "portal": "GlobalProtect_GW", + "received_time": "2021-04-07T17:41:29.000-05:00", "repeat_count": 1, "sequence_number": "6944137135219737", "serial_number": "5C261FNR", 
@@ -389,7 +393,6 @@ "network" ], "code": "gateway-tunnel-latency", - "created": "2021-04-07T17:41:28.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/07 17:41:28,0131001309,GLOBALPROTECT,0,2305,2021/04/07 17:41:28,vsys1,gateway-tunnel-latency,tunnel,,,,userlterso,HOSTP92413,81.2.69.143,0.0.0.0,0.0.0.0,0.0.0.0,2ba9f01-b83b-4902-a1fb-1748c0365,GJG98Y2,5.2.4,,\"\",1,,,\"Pre-tunnel latency: 67ms, Post-tunnel latency: 47ms\",success,,0,,0,GlobalProtect_GW,6920071768563516847,0x0", @@ -419,7 +422,9 @@ "client_ver": "5.2.4", "description": "Pre-tunnel latency: 67ms, Post-tunnel latency: 47ms", "error_code": 0, + "generated_time": "2021-04-07T17:41:28.000-05:00", "portal": "GlobalProtect_GW", + "received_time": "2021-04-07T17:41:28.000-05:00", "repeat_count": 1, "sequence_number": "6920071768563516847", "serial_number": "GJG98Y2", @@ -462,7 +467,7 @@ ] }, { - "@timestamp": "2021-03-02T09:55:39.000-05:00", + "@timestamp": "2021-03-02T09:55:42.000-05:00", "ecs": { "version": "8.11.0" }, @@ -471,7 +476,6 @@ "network" ], "code": "gateway-auth", - "created": "2021-03-02T09:55:42.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/02 09:55:42,12345678999,GLOBALPROTECT,0,2305,2021/03/02 09:55:39,vsys1,gateway-auth,login,Other,,maxmustermann,10.0.0.0-10.255.255.255,PC1234,10.20.30.40,0.0.0.0,0.0.0.0,0.0.0.0,985e865f-7da3-43b4-89a9-299b1bb0c975,SERIALNR,5.1.1,OS,\"OS 10 Enterprise, 64-bit\",1,,,,success,,0,pre-logon,0,GP GW intern,6894571632887748064,0x8000000000000000,1970-01-01T01:00:00.000+01:00,,0,manual only,,", @@ -506,8 +510,10 @@ "client_ver": "5.1.1", "connect_method": "pre-logon", "error_code": 0, + "generated_time": "2021-03-02T09:55:39.000-05:00", "portal": "GP GW intern", "priority": "manual only", + "received_time": "2021-03-02T09:55:42.000-05:00", "repeat_count": 1, "response_time": 0, "sequence_number": "6894571632887748064", 
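Review bot: In the `@@ -462,7 +467,7 @@` hunk `@timestamp` moves from the PANOS generated time to the receive time, and the hipmatch and inc-other fixtures that follow make the same switch. ECS defines `@timestamp` as the time the event originated, and the two PANOS fields can diverge materially: in the inc-other sample the generated time is 2012-02-25 while the receive time is 2013-03-25, so the choice shifts a configuration change by more than a year on a timeline. The `high_resolution_timestamp` → `received_time` precedence is given in the commit message, but no README hunk is visible in this chunk to confirm it is documented for users; the README should state that precedence and point analysts who need the dataplane time to `panw.panos.generated_time`.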
@@ -550,7 +556,7 @@ } }, { - "@timestamp": "2021-03-02T11:01:02.000-05:00", + "@timestamp": "2021-03-02T11:01:03.000-05:00", "ecs": { "version": "8.11.0" }, @@ -559,7 +565,6 @@ "network" ], "code": "gateway-setup-ipsec", - "created": "2021-03-02T11:01:03.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/02 11:01:03,123456789999,GLOBALPROTECT,0,2305,2021/03/02 11:01:02,vsys1,gateway-setup-ipsec,tunnel,,IPSec,domain\\musterman,DE,Rechner123,175.16.199.1,0.0.0.0,10.20.30.40,0.0.0.0,96c43d47-8bb5-4f78-8dfc-413a189a29e0,SERIALNR,5.1.1,OS,\"OS 10 Enterprise, 64-bit\",1,,,,success,,0,,0,GPGateway,6894571632887761989,0x8000000000000000,1970-01-01T01:00:00.000+01:00,,0,manual only,,", @@ -592,8 +597,10 @@ "action_flags": "0x8000000000000000", "client_ver": "5.1.1", "error_code": 0, + "generated_time": "2021-03-02T11:01:02.000-05:00", "portal": "GPGateway", "priority": "manual only", + "received_time": "2021-03-02T11:01:03.000-05:00", "repeat_count": 1, "response_time": 0, "sequence_number": "6894571632887761989", @@ -649,7 +656,7 @@ } }, { - "@timestamp": "2021-03-02T09:39:26.000-05:00", + "@timestamp": "2021-03-02T09:39:33.000-05:00", "ecs": { "version": "8.11.0" }, @@ -658,7 +665,6 @@ "network" ], "code": "portal-prelogin", - "created": "2021-03-02T09:39:33.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/02 09:39:33,12345678999,GLOBALPROTECT,0,2305,2021/03/02 09:39:26,vsys1,portal-prelogin,before-login,,,Max.Mustermann@domain.de,10.0.0.0-10.255.255.255,,10.20.30.40,0.0.0.0,0.0.0.0,0.0.0.0,0183d851-7ea2-4a0d-80de-fde1e04ce12f,,5.1.1,OS,\"OS 10 Enterprise, 64-bit\",1,,,,success,,0,,0,GP Portal,6894571632887745099,0x8000000000000000,1970-01-01T01:00:00.000+01:00,,0,manual only,,", 
@@ -690,8 +696,10 @@ "action_flags": "0x8000000000000000", "client_ver": "5.1.1", "error_code": 0, + "generated_time": "2021-03-02T09:39:26.000-05:00", "portal": "GP Portal", "priority": "manual only", + "received_time": "2021-03-02T09:39:33.000-05:00", "repeat_count": 1, "response_time": 0, "sequence_number": "6894571632887745099", @@ -732,7 +740,7 @@ } }, { - "@timestamp": "2021-03-02T09:47:13.000-05:00", + "@timestamp": "2021-03-02T09:47:18.000-05:00", "ecs": { "version": "8.11.0" }, @@ -741,7 +749,6 @@ "network" ], "code": "portal-getconfig", - "created": "2021-03-02T09:47:18.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/02 09:47:18,12345678999,GLOBALPROTECT,0,2305,2021/03/02 09:47:13,vsys1,portal-getconfig,configuration,,,domain\\maxmustermann,10.0.0.0-10.255.255.255,PC12345,10.20.30.40,0.0.0.0,0.0.0.0,0.0.0.0,8cbc136b-e262-4cf8-912c-95ea132d9fef,SERIENNR,5.1.1,OS,\"OS 10 Enterprise, 64-bit\",1,,,\"Config name: GP Clients, Machine Certificate CN : (null)\",success,,0,pre-logon,0,GP Portal,6894571632887746544,0x8000000000000000,1970-01-01T01:00:00.000+01:00,,0,manual only,,", @@ -776,8 +783,10 @@ "connect_method": "pre-logon", "description": "Config name: GP Clients, Machine Certificate CN : (null)", "error_code": 0, + "generated_time": "2021-03-02T09:47:13.000-05:00", "portal": "GP Portal", "priority": "manual only", + "received_time": "2021-03-02T09:47:18.000-05:00", "repeat_count": 1, "response_time": 0, "sequence_number": "6894571632887746544", @@ -822,7 +831,7 @@ } }, { - "@timestamp": "2021-10-22T11:10:05.000-05:00", + "@timestamp": "2021-10-22T11:10:10.000-05:00", "ecs": { "version": "8.11.0" }, 
@@ -831,7 +840,6 @@ "network" ], "code": "gateway-hip-check", - "created": "2021-10-22T11:10:10.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 931201168,2021-10-22T16:10:10.000000Z,no-serial,GLOBALPROTECT,globalprotect,9.1,2021-10-22T16:10:05.000000Z,vsys1,gateway-hip-check,host-info,,,host\\\\user,,HOSTNAME,10.1.1.1,,10.2.2.2,fc00::1,8cbc136b-e262-4cf8-912c-95ea132d9fef,SERIALNR,5.2.6,,,1,,,HIP report is not needed,success,,0,,0,GlobalProtect_External_Gateway,1305925,true", @@ -861,7 +869,9 @@ "client_ver": "5.2.6", "description": "HIP report is not needed", "error_code": 0, + "generated_time": "2021-10-22T11:10:05.000-05:00", "portal": "GlobalProtect_External_Gateway", + "received_time": "2021-10-22T11:10:10.000-05:00", "repeat_count": 1, "sequence_number": "1305925", "serial_number": "SERIALNR", @@ -902,7 +912,7 @@ } }, { - "@timestamp": "2021-11-09T16:45:14.000-05:00", + "@timestamp": "2021-11-09T16:45:36.000-05:00", "ecs": { "version": "8.11.0" }, @@ -911,7 +921,6 @@ "network" ], "code": "gateway-tunnel-latency", - "created": "2021-11-09T16:45:36.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 931201168,2021-11-09T21:45:36.000000Z,no-serial,GLOBALPROTECT,globalprotect,9.1,2021-11-09T21:45:14.000000Z,vsys1,gateway-tunnel-latency,tunnel,,,user,,HOSTNAME,10.3.3.3,,10.4.4.4,,8cbc136b-e262-4cf8-912c-95ea132d9fef,SERIALNR,5.2.8,,,1,,,\"Pre-tunnel latency: 35ms, Post-tunnel latency: 16ms\",success,,0,,0,GlobalProtect_External_Gateway,1041590,true", @@ -941,7 +950,9 @@ "client_ver": "5.2.8", "description": "Pre-tunnel latency: 35ms, Post-tunnel latency: 16ms", "error_code": 0, + "generated_time": "2021-11-09T16:45:14.000-05:00", "portal": "GlobalProtect_External_Gateway", + "received_time": "2021-11-09T16:45:36.000-05:00", "repeat_count": 1, "sequence_number": "1041590", "serial_number": "SERIALNR", 
@@ -980,7 +991,7 @@ } }, { - "@timestamp": "2021-11-09T16:45:14.000-05:00", + "@timestamp": "2021-11-09T16:45:36.000-05:00", "ecs": { "version": "8.11.0" }, @@ -989,7 +1000,6 @@ "network" ], "code": "gateway-tunnel-latency", - "created": "2021-11-09T16:45:36.000-05:00", "duration": 0, "kind": "event", "original": "Nov 30 16:09:08 931201168,2021-11-09T21:45:36.000000Z,no-serial,GLOBALPROTECT,globalprotect,9.1,2021-11-09T21:45:14.000000Z,vsys1,gateway-tunnel-latency,tunnel,,,user,,HOSTNAME,,fc00::1234,,fc00::abcd,8cbc136b-e262-4cf8-912c-95ea132d9fef,SERIALNR,5.2.8,,,1,,,\"Pre-tunnel latency: 35ms, Post-tunnel latency: 16ms\",success,,0,,0,GlobalProtect_External_Gateway,1041590,true", @@ -1019,7 +1029,9 @@ "client_ver": "5.2.8", "description": "Pre-tunnel latency: 35ms, Post-tunnel latency: 16ms", "error_code": 0, + "generated_time": "2021-11-09T16:45:14.000-05:00", "portal": "GlobalProtect_External_Gateway", + "received_time": "2021-11-09T16:45:36.000-05:00", "repeat_count": 1, "sequence_number": "1041590", "serial_number": "SERIALNR", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json index 80a11f4aefd..2434bad18f2 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json @@ -27,7 +27,6 @@ "network", "malware" ], - "created": "2019-10-09T10:20:15.000+07:00", "duration": 9999000000000, "end": "2021-10-26T18:22:21.000+07:00", "kind": "event", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json index 04d8df8ac20..de731d22b73 100644 
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2021-03-02T10:06:25.000-06:00", + "@timestamp": "2021-03-02T10:06:31.000-06:00", "ecs": { "version": "8.11.0" }, @@ -9,7 +9,6 @@ "category": [ "network" ], - "created": "2021-03-02T10:06:31.000-06:00", "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/02 10:06:31,12345678999,HIPMATCH,0,2305,2021/03/02 10:06:25,domain\\mustermanm,vsys1,PC12345,,10.20.30.40,GlobalProtect 5.1.1,1,object,0,0,6894571641485024543,0x8000000000000000,267,24,19,0,,de-firewall,1,0.0.0.0,d275bcbe-3a07-4e69-85c5-3ad9192c212e,F0S48Y2,,1970-01-01T01:00:00.000+01:00", "timezone": "-06:00" @@ -36,8 +35,10 @@ "device_group_hierarchy2": "24", "device_group_hierarchy3": "19", "device_group_hierarchy4": "0", + "generated_time": "2021-03-02T10:06:25.000-06:00", "matchname": "GlobalProtect 5.1.1", "matchtype": "object", + "received_time": "2021-03-02T10:06:31.000-06:00", "repeat_count": 1, "sequence_number": "6894571641485024543", "serial_number": "F0S48Y2", @@ -83,7 +84,6 @@ "category": [ "network" ], - "created": "2019-10-09T10:20:15.000-06:00", "kind": "event", "original": "Nov 30 16:09:08 1,2019/10/09 10:20:15,001234567890002,HIPMATCH,0,2304,2019/10/09 10:20:15,ira,vsys1,oh-C02ABCDEFGH4,Mac,89.160.20.112,GP-HIP-PROFILE,1,profile,0,0,0123456789,0x0,0,0,0,0,,SumoRedfw01a,1,0.0.0.0,gh:85:90:99:5a:40,C02ABCDEFGH", "timezone": "-06:00" @@ -113,8 +113,10 @@ "device_group_hierarchy2": "0", "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", + "generated_time": "2019-10-09T10:20:15.000-06:00", "matchname": "GP-HIP-PROFILE", "matchtype": "profile", + "received_time": "2019-10-09T10:20:15.000-06:00", "repeat_count": 1, "sequence_number": "0123456789", "serial_number": "C02ABCDEFGH", 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json index 03b3d65dda4..94e131b919a 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2012-02-25T00:51:50.000+05:45", + "@timestamp": "2013-03-25T23:58:57.000+05:45", "ecs": { "version": "8.11.0" }, @@ -10,7 +10,6 @@ "category": [ "configuration" ], - "created": "2013-03-25T23:58:57.000+05:45", "kind": "event", "original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,CONFIG,0,0,2012/02/25 00:51:50,192.168.0.2,,set,admin,Web,Succeeded, config shared local-user-database user badguy,0,0x0", "outcome": "success", @@ -34,7 +33,9 @@ "admin": "admin", "client_type": "Web", "cmd": "set", + "generated_time": "2012-02-25T00:51:50.000+05:45", "path": "config shared local-user-database user badguy", + "received_time": "2013-03-25T23:58:57.000+05:45", "result": "Succeeded", "sequence_number": "0", "sub_type": "0", @@ -54,7 +55,7 @@ ] }, { - "@timestamp": "2012-02-25T00:53:22.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -63,7 +64,6 @@ "category": [ "configuration" ], - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:53:22,192.168.0.2,,set,admin,Web,Succeeded, config mgt-config users badguy,0,0x0", "outcome": "success", @@ -87,7 +87,9 @@ "admin": "admin", "client_type": "Web", "cmd": "set", + "generated_time": "2012-02-25T00:53:22.000+05:45", "path": "config mgt-config users badguy", + "received_time": "2013-03-25T23:59:02.000+05:45", "result": "Succeeded", "sequence_number": "0", "sub_type": "0", 
@@ -107,7 +109,7 @@ ] }, { - "@timestamp": "2012-02-25T00:53:40.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -116,7 +118,6 @@ "category": [ "configuration" ], - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:53:40,192.168.0.2,,commit,admin,Web,Submitted,,0,0x0", "outcome": "unknown", @@ -140,6 +141,8 @@ "admin": "admin", "client_type": "Web", "cmd": "commit", + "generated_time": "2012-02-25T00:53:40.000+05:45", + "received_time": "2013-03-25T23:59:02.000+05:45", "result": "Submitted", "sequence_number": "0", "sub_type": "0", @@ -159,7 +162,7 @@ ] }, { - "@timestamp": "2012-02-25T00:53:53.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -168,7 +171,6 @@ "configuration" ], "code": "routed-config-p1-success", - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:53:53,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -188,7 +190,9 @@ "panos": { "action_flags": "0x0", "description": "Route daemon configuration load phase-1 succeeded.", + "generated_time": "2012-02-25T00:53:53.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:02.000+05:45", "sequence_number": "0", "sub_type": "routing", "type": "SYSTEM" @@ -199,7 +203,7 @@ ] }, { - "@timestamp": "2012-02-25T00:53:56.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, 
@@ -208,7 +212,6 @@ "configuration" ], "code": "ike-config-p1-success", - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,vpn,0,2012/02/25 00:53:56,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -228,7 +231,9 @@ "panos": { "action_flags": "0x0", "description": "IKE daemon configuration load phase-1 succeeded.", + "generated_time": "2012-02-25T00:53:56.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:02.000+05:45", "sequence_number": "0", "sub_type": "vpn", "type": "SYSTEM" @@ -239,7 +244,7 @@ ] }, { - "@timestamp": "2012-02-25T00:54:16.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -248,7 +253,6 @@ "configuration" ], "code": "routed-config-p2-success", - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:54:16,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -268,7 +272,9 @@ "panos": { "action_flags": "0x0", "description": "Route daemon configuration load phase-2 succeeded.", + "generated_time": "2012-02-25T00:54:16.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:02.000+05:45", "sequence_number": "0", "sub_type": "routing", "type": "SYSTEM" @@ -279,7 +285,7 @@ ] }, { - "@timestamp": "2012-02-25T00:54:16.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, 
@@ -288,7 +294,6 @@ "configuration" ], "code": "rasmgr-config-p2-success", - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,ras,0,2012/02/25 00:54:16,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -308,7 +313,9 @@ "panos": { "action_flags": "0x0", "description": "RASMGR daemon configuration load phase-2 succeeded.", + "generated_time": "2012-02-25T00:54:16.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:02.000+05:45", "sequence_number": "0", "sub_type": "ras", "type": "SYSTEM" @@ -319,7 +326,7 @@ ] }, { - "@timestamp": "2012-02-25T00:57:17.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -328,7 +335,6 @@ "category": [ "configuration" ], - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:57:17,192.168.0.2,,edit,badguy,Web,Succeeded, vsys vsys1 profiles url-filtering monzyspolicy,0,0x0", "outcome": "success", @@ -352,7 +358,9 @@ "admin": "badguy", "client_type": "Web", "cmd": "edit", + "generated_time": "2012-02-25T00:57:17.000+05:45", "path": "vsys vsys1 profiles url-filtering monzyspolicy", + "received_time": "2013-03-25T23:59:02.000+05:45", "result": "Succeeded", "sequence_number": "0", "sub_type": "0", @@ -372,7 +380,7 @@ ] }, { - "@timestamp": "2012-02-25T00:57:36.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -381,7 +389,6 @@ "category": [ "configuration" ], - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:57:36,192.168.0.2,,commit,badguy,Web,Submitted,,0,0x0", "outcome": "unknown", 
@@ -405,6 +412,8 @@ "admin": "badguy", "client_type": "Web", "cmd": "commit", + "generated_time": "2012-02-25T00:57:36.000+05:45", + "received_time": "2013-03-25T23:59:02.000+05:45", "result": "Submitted", "sequence_number": "0", "sub_type": "0", @@ -424,7 +433,7 @@ ] }, { - "@timestamp": "2012-02-25T00:57:49.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -433,7 +442,6 @@ "configuration" ], "code": "routed-config-p1-success", - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:57:49,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -453,7 +461,9 @@ "panos": { "action_flags": "0x0", "description": "Route daemon configuration load phase-1 succeeded.", + "generated_time": "2012-02-25T00:57:49.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:02.000+05:45", "sequence_number": "0", "sub_type": "routing", "type": "SYSTEM" @@ -464,7 +474,7 @@ ] }, { - "@timestamp": "2012-02-25T00:57:52.000+05:45", + "@timestamp": "2013-03-25T23:59:02.000+05:45", "ecs": { "version": "8.11.0" }, @@ -473,7 +483,6 @@ "configuration" ], "code": "ike-config-p1-success", - "created": "2013-03-25T23:59:02.000+05:45", "kind": "event", "original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,vpn,0,2012/02/25 00:57:52,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -493,7 +502,9 @@ "panos": { "action_flags": "0x0", "description": "IKE daemon configuration load phase-1 succeeded.", + "generated_time": "2012-02-25T00:57:52.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:02.000+05:45", "sequence_number": "0", "sub_type": "vpn", "type": "SYSTEM" 
@@ -504,7 +515,7 @@ ] }, { - "@timestamp": "2012-02-25T00:58:12.000+05:45", + "@timestamp": "2013-03-25T23:59:07.000+05:45", "ecs": { "version": "8.11.0" }, @@ -513,7 +524,6 @@ "configuration" ], "code": "routed-config-p2-success", - "created": "2013-03-25T23:59:07.000+05:45", "kind": "event", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,routing,0,2012/02/25 00:58:12,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -533,7 +543,9 @@ "panos": { "action_flags": "0x0", "description": "Route daemon configuration load phase-2 succeeded.", + "generated_time": "2012-02-25T00:58:12.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:07.000+05:45", "sequence_number": "0", "sub_type": "routing", "type": "SYSTEM" @@ -544,7 +556,7 @@ ] }, { - "@timestamp": "2012-02-25T00:58:12.000+05:45", + "@timestamp": "2013-03-25T23:59:07.000+05:45", "ecs": { "version": "8.11.0" }, @@ -553,7 +565,6 @@ "configuration" ], "code": "ike-config-p2-success", - "created": "2013-03-25T23:59:07.000+05:45", "kind": "event", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,vpn,0,2012/02/25 00:58:12,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -573,7 +584,9 @@ "panos": { "action_flags": "0x0", "description": "IKE daemon configuration load phase-2 succeeded.", + "generated_time": "2012-02-25T00:58:12.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:07.000+05:45", "sequence_number": "0", "sub_type": "vpn", "type": "SYSTEM" @@ -584,7 +597,7 @@ ] }, { - "@timestamp": "2012-02-25T00:58:12.000+05:45", + "@timestamp": "2013-03-25T23:59:07.000+05:45", "ecs": { "version": "8.11.0" }, 
@@ -593,7 +606,6 @@ "configuration" ], "code": "rasmgr-config-p2-success", - "created": "2013-03-25T23:59:07.000+05:45", "kind": "event", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,ras,0,2012/02/25 00:58:12,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -613,7 +625,9 @@ "panos": { "action_flags": "0x0", "description": "RASMGR daemon configuration load phase-2 succeeded.", + "generated_time": "2012-02-25T00:58:12.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:07.000+05:45", "sequence_number": "0", "sub_type": "ras", "type": "SYSTEM" @@ -624,7 +638,7 @@ ] }, { - "@timestamp": "2012-02-25T00:58:14.000+05:45", + "@timestamp": "2013-03-25T23:59:07.000+05:45", "ecs": { "version": "8.11.0" }, @@ -633,7 +647,6 @@ "configuration" ], "code": "unknown", - "created": "2013-03-25T23:59:07.000+05:45", "kind": "event", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,general,1,2012/02/25 00:58:14,,unknown,,0,0,general,informational,Config installed,909,0x0", "severity": 5, @@ -653,7 +666,9 @@ "panos": { "action_flags": "0x0", "description": "Config installed", + "generated_time": "2012-02-25T00:58:14.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:07.000+05:45", "sequence_number": "909", "sub_type": "general", "type": "SYSTEM" @@ -664,7 +679,7 @@ ] }, { - "@timestamp": "2012-02-25T00:59:36.000+05:45", + "@timestamp": "2013-03-25T23:59:07.000+05:45", "ecs": { "version": "8.11.0" }, @@ -673,7 +688,6 @@ "configuration" ], "code": "general", - "created": "2013-03-25T23:59:07.000+05:45", "kind": "event", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,general,0,2012/02/25 00:59:36,,general,,0,0,general,informational,Log type config cleared by user badguy ,0,0x0", "severity": 5, 
@@ -693,7 +707,9 @@ "panos": { "action_flags": "0x0", "description": "Log type config cleared by user badguy ", + "generated_time": "2012-02-25T00:59:36.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:07.000+05:45", "sequence_number": "0", "sub_type": "general", "type": "SYSTEM" @@ -704,7 +720,7 @@ ] }, { - "@timestamp": "2012-04-10T03:11:57.000+05:45", + "@timestamp": "2013-03-25T23:59:22.000+05:45", "ecs": { "version": "8.11.0" }, @@ -713,7 +729,6 @@ "configuration" ], "code": "unknown", - "created": "2013-03-25T23:59:22.000+05:45", "kind": "event", "original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,general,1,2012/04/10 03:11:57,,unknown,,0,0,general,informational,Config installed,884,0x0", "severity": 5, @@ -733,7 +748,9 @@ "panos": { "action_flags": "0x0", "description": "Config installed", + "generated_time": "2012-04-10T03:11:57.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:22.000+05:45", "sequence_number": "884", "sub_type": "general", "type": "SYSTEM" @@ -744,7 +761,7 @@ ] }, { - "@timestamp": "2012-04-10T03:11:56.000+05:45", + "@timestamp": "2013-03-25T23:59:22.000+05:45", "ecs": { "version": "8.11.0" }, @@ -753,7 +770,6 @@ "configuration" ], "code": "rasmgr-config-p2-success", - "created": "2013-03-25T23:59:22.000+05:45", "kind": "event", "original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,ras,0,2012/04/10 03:11:56,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -773,7 +789,9 @@ "panos": { "action_flags": "0x0", "description": "RASMGR daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-10T03:11:56.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:22.000+05:45", "sequence_number": "0", "sub_type": "ras", "type": "SYSTEM" 
@@ -784,7 +802,7 @@ ] }, { - "@timestamp": "2012-04-10T03:11:56.000+05:45", + "@timestamp": "2013-03-25T23:59:22.000+05:45", "ecs": { "version": "8.11.0" }, @@ -793,7 +811,6 @@ "configuration" ], "code": "ike-config-p2-success", - "created": "2013-03-25T23:59:22.000+05:45", "kind": "event", "original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,vpn,0,2012/04/10 03:11:56,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -813,7 +830,9 @@ "panos": { "action_flags": "0x0", "description": "IKE daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-10T03:11:56.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:22.000+05:45", "sequence_number": "0", "sub_type": "vpn", "type": "SYSTEM" @@ -824,7 +843,7 @@ ] }, { - "@timestamp": "2012-04-10T03:11:56.000+05:45", + "@timestamp": "2013-03-25T23:59:22.000+05:45", "ecs": { "version": "8.11.0" }, @@ -833,7 +852,6 @@ "configuration" ], "code": "routed-config-p2-success", - "created": "2013-03-25T23:59:22.000+05:45", "kind": "event", "original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,routing,0,2012/04/10 03:11:56,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -853,7 +871,9 @@ "panos": { "action_flags": "0x0", "description": "Route daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-10T03:11:56.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:22.000+05:45", "sequence_number": "0", "sub_type": "routing", "type": "SYSTEM" @@ -864,7 +884,7 @@ ] }, { - "@timestamp": "2012-04-10T03:06:11.000+05:45", + "@timestamp": "2013-03-25T23:59:22.000+05:45", "ecs": { "version": "8.11.0" }, 
@@ -873,7 +893,6 @@ "configuration" ], "code": "rasmgr-config-p1-success", - "created": "2013-03-25T23:59:22.000+05:45", "kind": "event", "original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,ras,0,2012/04/10 03:06:11,,rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -893,7 +912,9 @@ "panos": { "action_flags": "0x0", "description": "RASMGR daemon configuration load phase-1 succeeded.", + "generated_time": "2012-04-10T03:06:11.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:22.000+05:45", "sequence_number": "0", "sub_type": "ras", "type": "SYSTEM" @@ -904,7 +925,7 @@ ] }, { - "@timestamp": "2012-04-10T03:06:00.000+05:45", + "@timestamp": "2013-03-25T23:59:27.000+05:45", "ecs": { "version": "8.11.0" }, @@ -913,7 +934,6 @@ "configuration" ], "code": "routed-config-p1-success", - "created": "2013-03-25T23:59:27.000+05:45", "kind": "event", "original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,routing,0,2012/04/10 03:06:00,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -933,7 +953,9 @@ "panos": { "action_flags": "0x0", "description": "Route daemon configuration load phase-1 succeeded.", + "generated_time": "2012-04-10T03:06:00.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:27.000+05:45", "sequence_number": "0", "sub_type": "routing", "type": "SYSTEM" @@ -944,7 +966,7 @@ ] }, { - "@timestamp": "2012-04-09T09:02:53.000+05:45", + "@timestamp": "2013-03-25T23:59:27.000+05:45", "ecs": { "version": "8.11.0" }, @@ -953,7 +975,6 @@ "configuration" ], "code": "unknown", - "created": "2013-03-25T23:59:27.000+05:45", "kind": "event", "original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,general,1,2012/04/09 09:02:53,,unknown,,0,0,general,informational,Config installed,840,0x0", "severity": 5, 
@@ -973,7 +994,9 @@ "panos": { "action_flags": "0x0", "description": "Config installed", + "generated_time": "2012-04-09T09:02:53.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:27.000+05:45", "sequence_number": "840", "sub_type": "general", "type": "SYSTEM" @@ -984,7 +1007,7 @@ ] }, { - "@timestamp": "2012-04-09T09:02:52.000+05:45", + "@timestamp": "2013-03-25T23:59:27.000+05:45", "ecs": { "version": "8.11.0" }, @@ -993,7 +1016,6 @@ "configuration" ], "code": "rasmgr-config-p2-success", - "created": "2013-03-25T23:59:27.000+05:45", "kind": "event", "original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,ras,0,2012/04/09 09:02:52,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -1013,7 +1035,9 @@ "panos": { "action_flags": "0x0", "description": "RASMGR daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-09T09:02:52.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:27.000+05:45", "sequence_number": "0", "sub_type": "ras", "type": "SYSTEM" @@ -1024,7 +1048,7 @@ ] }, { - "@timestamp": "2012-04-09T09:02:52.000+05:45", + "@timestamp": "2013-03-25T23:59:27.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1033,7 +1057,6 @@ "configuration" ], "code": "ike-config-p2-success", - "created": "2013-03-25T23:59:27.000+05:45", "kind": "event", "original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,vpn,0,2012/04/09 09:02:52,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -1053,7 +1076,9 @@ "panos": { "action_flags": "0x0", "description": "IKE daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-09T09:02:52.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:27.000+05:45", "sequence_number": "0", "sub_type": "vpn", "type": "SYSTEM" 
@@ -1064,7 +1089,7 @@ ] }, { - "@timestamp": "2012-04-09T09:02:52.000+05:45", + "@timestamp": "2013-03-25T23:59:27.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1073,7 +1098,6 @@ "configuration" ], "code": "routed-config-p2-success", - "created": "2013-03-25T23:59:27.000+05:45", "kind": "event", "original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,routing,0,2012/04/09 09:02:52,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -1093,7 +1117,9 @@ "panos": { "action_flags": "0x0", "description": "Route daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-09T09:02:52.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:27.000+05:45", "sequence_number": "0", "sub_type": "routing", "type": "SYSTEM" @@ -1104,7 +1130,7 @@ ] }, { - "@timestamp": "2012-04-09T09:00:55.000+05:45", + "@timestamp": "2013-03-25T23:59:27.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1113,7 +1139,6 @@ "configuration" ], "code": "rasmgr-config-p1-success", - "created": "2013-03-25T23:59:27.000+05:45", "kind": "event", "original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,ras,0,2012/04/09 09:00:55,,rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -1133,7 +1158,9 @@ "panos": { "action_flags": "0x0", "description": "RASMGR daemon configuration load phase-1 succeeded.", + "generated_time": "2012-04-09T09:00:55.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:27.000+05:45", "sequence_number": "0", "sub_type": "ras", "type": "SYSTEM" @@ -1144,7 +1171,7 @@ ] }, { - "@timestamp": "2012-04-09T09:00:52.000+05:45", + "@timestamp": "2013-03-25T23:59:27.000+05:45", "ecs": { "version": "8.11.0" }, 
@@ -1153,7 +1180,6 @@ "configuration" ], "code": "ike-config-p1-success", - "created": "2013-03-25T23:59:27.000+05:45", "kind": "event", "original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,vpn,0,2012/04/09 09:00:52,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", "severity": 5, @@ -1173,7 +1199,9 @@ "panos": { "action_flags": "0x0", "description": "IKE daemon configuration load phase-1 succeeded.", + "generated_time": "2012-04-09T09:00:52.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:27.000+05:45", "sequence_number": "0", "sub_type": "vpn", "type": "SYSTEM" @@ -1184,7 +1212,7 @@ ] }, { - "@timestamp": "2012-04-09T09:00:35.000+05:45", + "@timestamp": "2013-03-25T23:59:32.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1193,7 +1221,6 @@ "category": [ "configuration" ], - "created": "2013-03-25T23:59:32.000+05:45", "kind": "event", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,CONFIG,0,0,2012/04/09 09:00:35,192.168.0.2,,commit,admin,Web,Submitted,,0,0x0", "outcome": "unknown", @@ -1217,6 +1244,8 @@ "admin": "admin", "client_type": "Web", "cmd": "commit", + "generated_time": "2012-04-09T09:00:35.000+05:45", + "received_time": "2013-03-25T23:59:32.000+05:45", "result": "Submitted", "sequence_number": "0", "sub_type": "0", @@ -1236,7 +1265,7 @@ ] }, { - "@timestamp": "2012-04-09T09:00:20.000+05:45", + "@timestamp": "2013-03-25T23:59:32.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1245,7 +1274,6 @@ "category": [ "configuration" ], - "created": "2013-03-25T23:59:32.000+05:45", "kind": "event", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,CONFIG,0,0,2012/04/09 09:00:20,192.168.0.2,,edit,admin,Web,Succeeded, vsys vsys1 profiles data-objects PII,0,0x0", "outcome": "success", 
@@ -1269,7 +1297,9 @@ "admin": "admin", "client_type": "Web", "cmd": "edit", + "generated_time": "2012-04-09T09:00:20.000+05:45", "path": "vsys vsys1 profiles data-objects PII", + "received_time": "2013-03-25T23:59:32.000+05:45", "result": "Succeeded", "sequence_number": "0", "sub_type": "0", @@ -1289,7 +1319,7 @@ ] }, { - "@timestamp": "2012-04-09T03:21:53.000+05:45", + "@timestamp": "2013-03-25T23:59:47.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1298,7 +1328,6 @@ "configuration" ], "code": "unknown", - "created": "2013-03-25T23:59:47.000+05:45", "kind": "event", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,general,1,2012/04/09 03:21:53,,unknown,,0,0,general,informational,Config installed,821,0x0", "severity": 5, @@ -1318,7 +1347,9 @@ "panos": { "action_flags": "0x0", "description": "Config installed", + "generated_time": "2012-04-09T03:21:53.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:47.000+05:45", "sequence_number": "821", "sub_type": "general", "type": "SYSTEM" @@ -1329,7 +1360,7 @@ ] }, { - "@timestamp": "2012-04-09T03:21:53.000+05:45", + "@timestamp": "2013-03-25T23:59:47.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1338,7 +1369,6 @@ "configuration" ], "code": "rasmgr-config-p2-success", - "created": "2013-03-25T23:59:47.000+05:45", "kind": "event", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,ras,0,2012/04/09 03:21:53,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -1358,7 +1388,9 @@ "panos": { "action_flags": "0x0", "description": "RASMGR daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-09T03:21:53.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:47.000+05:45", "sequence_number": "0", "sub_type": "ras", "type": "SYSTEM" 
@@ -1369,7 +1401,7 @@ ] }, { - "@timestamp": "2012-04-09T03:21:53.000+05:45", + "@timestamp": "2013-03-25T23:59:47.000+05:45", "ecs": { "version": "8.11.0" }, @@ -1378,7 +1410,6 @@ "configuration" ], "code": "ike-config-p2-success", - "created": "2013-03-25T23:59:47.000+05:45", "kind": "event", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,vpn,0,2012/04/09 03:21:53,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "severity": 5, @@ -1398,7 +1429,9 @@ "panos": { "action_flags": "0x0", "description": "IKE daemon configuration load phase-2 succeeded.", + "generated_time": "2012-04-09T03:21:53.000+05:45", "module": "general", + "received_time": "2013-03-25T23:59:47.000+05:45", "sequence_number": "0", "sub_type": "vpn", "type": "SYSTEM" @@ -1409,7 +1442,7 @@ ] }, { - "@timestamp": "2012-04-10T04:39:56.000+05:45", + "@timestamp": "2012-10-30T09:46:17.000+05:45", "destination": { "bytes": 0, "geo": { @@ -1437,7 +1470,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000+05:45", "duration": 0, "end": "2012-04-10T04:39:56.000+05:45", "kind": "event", @@ -1486,7 +1518,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25149", + "generated_time": "2012-04-10T04:39:56.000+05:45", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000+05:45", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1551,7 +1585,6 @@ "category": [ "network" ], - "created": "2023-10-04T09:52:23.000+05:45", "duration": 0, "end": "2023-10-04T09:52:21.000+05:45", "kind": "event", @@ -1600,7 +1633,9 @@ "device_group_hierarchy4": "0", "endreason": "policy-deny", "flow_id": "0", + "generated_time": "2023-10-04T09:52:23.000+05:45", "log_profile": "elastic", + "received_time": "2023-10-04T09:52:23.000+05:45", "repeat_count": 1, "ruleset": "block-1.1.1.1", "sequence_number": "7286123782408766774", 
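Review bot: In the traffic record at `@@ -1409,7 +1442,7 @@`, `@timestamp` becomes `2012-10-30T09:46:17.000+05:45` (the value also added as `received_time`) while `end` in the same record keeps `2012-04-10T04:39:56.000+05:45` (the `generated_time`), roughly six months earlier. This is consistent across the file, but it means `@timestamp` now reflects when the log was received rather than when the firewall generated it, so saved searches, dashboards and detection rules that bound on `@timestamp` will place these events at receipt time while `event.start`/`event.end` still carry the device's clock. The field documentation should state explicitly which clock each field reflects, e.g. `generated_time: time the log was generated on the firewall's dataplane; received_time: time the log was received at the management plane; @timestamp: the received time (see received_time), used for search and correlation`, so analysts do not assume `@timestamp` equals event time when triaging old or replayed logs.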
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json index a93e1aef66c..ca7a1c55ebd 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2012-04-10T04:39:56.000+10:00", + "@timestamp": "2012-10-30T09:46:12.000+10:00", "destination": { "domain": "lorexx.cn", "geo": { @@ -30,7 +30,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:12.000+10:00", "kind": "alert", "original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,\"lorexx.cn/loader.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -168,7 +167,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000+10:00", + "@timestamp": "2012-10-30T09:46:12.000+10:00", "destination": { "domain": "lsiu.info", "geo": { @@ -197,7 +196,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:12.000+10:00", "kind": "alert", "original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26067,1,59313,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/count.php?o=2\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", 
@@ -336,7 +334,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000+10:00", + "@timestamp": "2012-10-30T09:46:12.000+10:00", "destination": { "domain": "lsiu.info", "geo": { @@ -365,7 +363,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:12.000+10:00", "kind": "alert", "original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,26522,1,59314,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/count.php?o=5\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -504,7 +501,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000+10:00", + "@timestamp": "2012-10-30T09:46:12.000+10:00", "destination": { "domain": "lsiu.info", "geo": { @@ -533,7 +530,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:12.000+10:00", "kind": "alert", "original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25112,1,59315,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/count.php?o=7\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -672,7 +668,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000+10:00", + "@timestamp": "2012-10-30T09:46:12.000+10:00", "destination": { "domain": "lsiu.info", "geo": { 
@@ -701,7 +697,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:12.000+10:00", "kind": "alert", "original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25179,1,59316,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -840,7 +835,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000+10:00", + "@timestamp": "2012-10-30T09:46:12.000+10:00", "destination": { "domain": "lsiu.info", "geo": { @@ -869,7 +864,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:12.000+10:00", "kind": "alert", "original": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:57,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25848,1,59317,80,0,0,0x208000,tcp,alert,\"lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -1008,7 +1002,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000+10:00", + "@timestamp": "2012-10-30T09:46:17.000+10:00", "destination": { "domain": "liteautobestguide.cn", "geo": { 
@@ -1037,7 +1031,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:17.000+10:00", "kind": "alert", "original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,24910,1,59302,80,0,0,0x208000,tcp,alert,\"liteautobestguide.cn/load.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -1175,7 +1168,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000+10:00", + "@timestamp": "2012-10-30T09:46:17.000+10:00", "destination": { "domain": "liteautobestguide.cn", "geo": { @@ -1204,7 +1197,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:17.000+10:00", "kind": "alert", "original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:56,26862,1,59301,80,0,0,0x208000,tcp,alert,\"liteautobestguide.cn/index.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -1342,7 +1334,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000+10:00", + "@timestamp": "2012-10-30T09:46:17.000+10:00", "destination": { "domain": "litetopdetect.cn", "geo": { 
@@ -1371,7 +1363,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:17.000+10:00", "kind": "alert", "original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:55,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,22860,1,59303,80,0,0,0x208000,tcp,alert,\"litetopdetect.cn/index.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -1509,7 +1500,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000+10:00", + "@timestamp": "2012-10-30T09:46:17.000+10:00", "destination": { "domain": "lkmpmlm.com", "geo": { @@ -1538,7 +1529,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:17.000+10:00", "kind": "alert", "original": "Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:55,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,26360,1,59304,80,0,0,0x208000,tcp,alert,\"lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -1677,7 +1667,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000+10:00", + "@timestamp": "2012-10-30T09:46:22.000+10:00", "destination": { "domain": "girlteenxxxfreemov.com", "geo": { 
@@ -1706,7 +1696,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:22.000+10:00", "kind": "alert", "original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:52,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25543,1,59297,80,0,0,0x208000,tcp,alert,\"girlteenxxxfreemov.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -1843,7 +1832,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000+10:00", + "@timestamp": "2012-10-30T09:46:22.000+10:00", "destination": { "domain": "imagesrepository.com", "geo": { @@ -1872,7 +1861,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:22.000+10:00", "kind": "alert", "original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:53,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25437,1,59299,80,0,0,0x208000,tcp,alert,\"imagesrepository.com/resolution.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -2010,7 +1998,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000+10:00", + "@timestamp": "2012-10-30T09:46:22.000+10:00", "destination": { "domain": "hottestfiles.com", "geo": { 
@@ -2039,7 +2027,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:22.000+10:00", "kind": "alert", "original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:53,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,26338,1,59298,80,0,0,0x208000,tcp,alert,\"hottestfiles.com/search/search.php?q=xxx\",(9999),search-engines,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -2178,7 +2165,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000+10:00", + "@timestamp": "2012-10-30T09:46:22.000+10:00", "destination": { "domain": "infodist1.com", "geo": { @@ -2207,7 +2194,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:22.000+10:00", "kind": "alert", "original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,THREAT,url,1,2012/04/10 04:39:54,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:55,25713,1,59300,80,0,0,0x200000,tcp,block-url,\"infodist1.com/in.cgi?11¶meter=404\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -2344,7 +2330,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:51.000+10:00", + "@timestamp": "2012-10-30T09:46:27.000+10:00", "destination": { "domain": "cls-softwares.com", "geo": { 
@@ -2373,7 +2359,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:27.000+10:00", "kind": "alert", "original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:51,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,25451,1,59295,80,0,0,0x208000,tcp,alert,\"cls-softwares.com/suc.php\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -2511,7 +2496,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:51.000+10:00", + "@timestamp": "2012-10-30T09:46:27.000+10:00", "destination": { "domain": "cls-softwares.com", "geo": { @@ -2540,7 +2525,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:27.000+10:00", "kind": "alert", "original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:51,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26414,1,59291,80,0,0,0x208000,tcp,alert,\"cls-softwares.com/softwarefortubeview.40013.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -2678,7 +2662,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000+10:00", + "@timestamp": "2012-10-30T09:46:27.000+10:00", "destination": { "domain": "findmorepill.com", "geo": { 
@@ -2707,7 +2691,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:27.000+10:00", "kind": "alert", "original": "Oct 30 09:46:27 1,2012/10/30 09:46:27,01606001116,THREAT,url,1,2012/04/10 04:39:52,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:53,26927,1,59296,80,0,0,0x200000,tcp,block-url,\"findmorepill.com/klik/search.php?q=xxx\",(9999),online-gambling,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Germany,0,", "outcome": "failure", @@ -2844,7 +2827,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000+10:00", + "@timestamp": "2012-10-30T09:46:32.000+10:00", "destination": { "domain": "allowedwebsurfing.com", "geo": { @@ -2873,7 +2856,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:32.000+10:00", "kind": "alert", "original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,26127,1,59280,80,0,0,0x208000,tcp,alert,\"allowedwebsurfing.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -3010,7 +2992,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000+10:00", + "@timestamp": "2012-10-30T09:46:32.000+10:00", "destination": { "domain": "antivirus-remote.com", "geo": { 
@@ -3039,7 +3021,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:32.000+10:00", "kind": "alert", "original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:49,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:51,25306,1,59281,80,0,0,0x208000,tcp,alert,\"antivirus-remote.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -3176,7 +3157,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000+10:00", + "@timestamp": "2012-10-30T09:46:32.000+10:00", "destination": { "domain": "bklinkov.ru", "geo": { @@ -3205,7 +3186,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:32.000+10:00", "kind": "alert", "original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:49,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24561,1,59282,80,0,0,0x208000,tcp,alert,\"bklinkov.ru/hi/start.cfg\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -3343,7 +3323,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000+10:00", + "@timestamp": "2012-10-30T09:46:32.000+10:00", "destination": { "domain": "blogsexnakedgirlxxx.com", "geo": { 
@@ -3372,7 +3352,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:32.000+10:00", "kind": "alert", "original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:50,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,15099,1,59290,80,0,0,0x208000,tcp,alert,\"blogsexnakedgirlxxx.com/\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -3509,7 +3488,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000+10:00", + "@timestamp": "2012-10-30T09:46:32.000+10:00", "destination": { "domain": "bklinkov.ru", "geo": { @@ -3538,7 +3517,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:32.000+10:00", "kind": "alert", "original": "Oct 30 09:46:32 1,2012/10/30 09:46:32,01606001116,THREAT,url,1,2012/04/10 04:39:50,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:52,24955,1,59286,80,0,0,0x208000,tcp,alert,\"bklinkov.ru/hi/start.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -3676,7 +3654,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:47.000+10:00", + "@timestamp": "2012-10-30T09:46:37.000+10:00", "destination": { "domain": "-", "geo": { @@ -3705,7 +3683,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:37.000+10:00", "kind": "alert", "original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25398,1,59275,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", 
@@ -3842,7 +3819,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:47.000+10:00", + "@timestamp": "2012-10-30T09:46:37.000+10:00", "destination": { "domain": "-", "geo": { @@ -3871,7 +3848,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:37.000+10:00", "kind": "alert", "original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,25945,1,59277,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -4008,7 +3984,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:47.000+10:00", + "@timestamp": "2012-10-30T09:46:37.000+10:00", "destination": { "domain": "-", "geo": { @@ -4037,7 +4013,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:37.000+10:00", "kind": "alert", "original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:47,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:49,27111,1,59276,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -4174,7 +4149,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000+10:00", + "@timestamp": "2012-10-30T09:46:37.000+10:00", "destination": { "domain": "-", "geo": { 
@@ -4203,7 +4178,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:37.000+10:00", "kind": "alert", "original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,25871,1,59278,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -4340,7 +4314,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000+10:00", + "@timestamp": "2012-10-30T09:46:37.000+10:00", "destination": { "domain": "-", "geo": { @@ -4369,7 +4343,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:37.000+10:00", "kind": "alert", "original": "Oct 30 09:46:37 1,2012/10/30 09:46:37,01606001116,THREAT,url,1,2012/04/10 04:39:48,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:50,26251,1,59279,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -4506,7 +4479,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:45.000+10:00", + "@timestamp": "2012-10-30T09:46:42.000+10:00", "destination": { "domain": "-", "geo": { @@ -4535,7 +4508,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:42.000+10:00", "kind": "alert", "original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,24816,1,59271,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", 
@@ -4672,7 +4644,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:45.000+10:00", + "@timestamp": "2012-10-30T09:46:42.000+10:00", "destination": { "domain": "-", "geo": { @@ -4701,7 +4673,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:42.000+10:00", "kind": "alert", "original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,25062,1,59269,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -4838,7 +4809,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:45.000+10:00", + "@timestamp": "2012-10-30T09:46:42.000+10:00", "destination": { "domain": "-", "geo": { @@ -4867,7 +4838,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:42.000+10:00", "kind": "alert", "original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:45,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:47,26266,1,59270,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -5004,7 +4974,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:46.000+10:00", + "@timestamp": "2012-10-30T09:46:42.000+10:00", "destination": { "domain": "-", "geo": { 
@@ -5033,7 +5003,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:42.000+10:00", "kind": "alert", "original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,23898,1,59274,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -5170,7 +5139,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:46.000+10:00", + "@timestamp": "2012-10-30T09:46:42.000+10:00", "destination": { "domain": "-", "geo": { @@ -5199,7 +5168,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:42.000+10:00", "kind": "alert", "original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,25259,1,59273,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -5336,7 +5304,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:46.000+10:00", + "@timestamp": "2012-10-30T09:46:42.000+10:00", "destination": { "domain": "-", "geo": { @@ -5365,7 +5333,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:42.000+10:00", "kind": "alert", "original": "Oct 30 09:46:42 1,2012/10/30 09:46:42,01606001116,THREAT,url,1,2012/04/10 04:39:46,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:48,26466,1,59272,80,0,0,0x208000,tcp,alert,\"-/\",(9999),private-ip-addresses,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", 
@@ -5502,7 +5469,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:43.000+10:00", + "@timestamp": "2012-10-30T09:46:47.000+10:00", "destination": { "domain": "wantfinest.com", "geo": { @@ -5531,7 +5498,6 @@ "threat", "network" ], - "created": "2012-10-30T09:46:47.000+10:00", "kind": "alert", "original": "Oct 30 09:46:47 1,2012/10/30 09:46:47,01606001116,THREAT,url,1,2012/04/10 04:39:43,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:44,4086,1,59261,80,0,0,0x200000,tcp,block-url,\"wantfinest.com/tds/in.cgi?default\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -5668,7 +5634,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:38.000+10:00", + "@timestamp": "2012-10-30T09:47:02.000+10:00", "destination": { "domain": "sameshitasiteverwas.com", "geo": { @@ -5697,7 +5663,6 @@ "threat", "network" ], - "created": "2012-10-30T09:47:02.000+10:00", "kind": "alert", "original": "Oct 30 09:47:02 1,2012/10/30 09:47:02,01606001116,THREAT,url,1,2012/04/10 04:39:38,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:39,26534,1,59248,80,0,0,0x200000,tcp,block-url,\"sameshitasiteverwas.com/traf/tds/in.cgi?2\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Korea Republic Of,0,", "outcome": "failure", @@ -5834,7 +5799,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:39.000+10:00", + "@timestamp": "2012-10-30T09:47:02.000+10:00", "destination": { "domain": "svarkon.ru", "geo": { 
@@ -5863,7 +5828,6 @@ "threat", "network" ], - "created": "2012-10-30T09:47:02.000+10:00", "kind": "alert", "original": "Oct 30 09:47:02 1,2012/10/30 09:47:02,01606001116,THREAT,url,1,2012/04/10 04:39:39,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:40,26965,1,59251,80,0,0,0x200000,tcp,block-url,\"svarkon.ru/update.exe\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", "outcome": "failure", @@ -5999,7 +5963,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:36.000+10:00", + "@timestamp": "2012-10-30T09:47:12.000+10:00", "destination": { "domain": "onlinescanxpp.com", "geo": { @@ -6028,7 +5992,6 @@ "threat", "network" ], - "created": "2012-10-30T09:47:12.000+10:00", "kind": "alert", "original": "Oct 30 09:47:12 1,2012/10/30 09:47:12,01606001116,THREAT,url,1,2012/04/10 04:39:36,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:37,26076,1,59244,80,0,0,0x200000,tcp,block-url,\"onlinescanxpp.com/land/eurl/1.php?code=\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -6165,7 +6128,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:34.000+10:00", + "@timestamp": "2012-10-30T09:47:17.000+10:00", "destination": { "domain": "nolagtime.com", "geo": { 
@@ -6194,7 +6157,6 @@ "threat", "network" ], - "created": "2012-10-30T09:47:17.000+10:00", "kind": "alert", "original": "Oct 30 09:47:17 1,2012/10/30 09:47:17,01606001116,THREAT,url,1,2012/04/10 04:39:34,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:35,26198,1,59237,80,0,0,0x200000,tcp,block-url,\"nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -6330,7 +6292,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:35.000+10:00", + "@timestamp": "2012-10-30T09:47:17.000+10:00", "destination": { "domain": "nolagtime.com", "geo": { @@ -6359,7 +6321,6 @@ "threat", "network" ], - "created": "2012-10-30T09:47:17.000+10:00", "kind": "alert", "original": "Oct 30 09:47:17 1,2012/10/30 09:47:17,01606001116,THREAT,url,1,2012/04/10 04:39:35,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:36,26056,1,59238,80,0,0,0x200000,tcp,block-url,\"nolagtime.com/gwc.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -6495,7 +6456,7 @@ } }, { - "@timestamp": "2012-04-10T04:38:19.000+10:00", + "@timestamp": "2012-10-30T09:51:03.000+10:00", "destination": { "domain": "karavan.us", "geo": { 
@@ -6524,7 +6485,6 @@ "threat", "network" ], - "created": "2012-10-30T09:51:03.000+10:00", "kind": "alert", "original": "Oct 30 09:51:03 1,2012/10/30 09:51:03,01606001116,THREAT,url,1,2012/04/10 04:38:19,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:20,25465,1,59010,80,0,0,0x200000,tcp,block-url,\"karavan.us/bon/index.php\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -6660,7 +6620,7 @@ } }, { - "@timestamp": "2012-04-10T04:38:14.000+10:00", + "@timestamp": "2012-10-30T09:51:23.000+10:00", "destination": { "domain": "findnolimits.com", "geo": { @@ -6689,7 +6649,6 @@ "threat", "network" ], - "created": "2012-10-30T09:51:23.000+10:00", "kind": "alert", "original": "Oct 30 09:51:23 1,2012/10/30 09:51:23,01606001116,THREAT,url,1,2012/04/10 04:38:14,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:15,24316,1,58969,80,0,0,0x200000,tcp,block-url,\"findnolimits.com/go.php?sid=1\",(9999),dead-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -6826,7 +6785,7 @@ } }, { - "@timestamp": "2012-04-10T04:38:12.000+10:00", + "@timestamp": "2012-10-30T09:51:33.000+10:00", "destination": { "domain": "bizoplata.ru", "geo": { 
@@ -6855,7 +6814,6 @@ "threat", "network" ], - "created": "2012-10-30T09:51:33.000+10:00", "kind": "alert", "original": "Oct 30 09:51:33 1,2012/10/30 09:51:33,01606001116,THREAT,url,1,2012/04/10 04:38:12,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:13,17258,1,58941,80,0,0,0x200000,tcp,block-url,\"bizoplata.ru/moun.html\",(9999),parked-domains,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", "outcome": "failure", @@ -6991,7 +6949,7 @@ } }, { - "@timestamp": "2012-04-10T04:38:12.000+10:00", + "@timestamp": "2012-10-30T09:51:33.000+10:00", "destination": { "domain": "bizoplata.ru", "geo": { @@ -7020,7 +6978,6 @@ "threat", "network" ], - "created": "2012-10-30T09:51:33.000+10:00", "kind": "alert", "original": "Oct 30 09:51:33 1,2012/10/30 09:51:33,01606001116,THREAT,url,1,2012/04/10 04:38:12,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:38:13,24735,1,58942,80,0,0,0x200000,tcp,block-url,\"bizoplata.ru/palast.html\",(9999),parked-domains,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", "outcome": "failure", @@ -7156,7 +7113,7 @@ } }, { - "@timestamp": "2012-04-10T04:37:28.000+10:00", + "@timestamp": "2012-10-30T09:53:33.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -7177,7 +7134,6 @@ "threat", "network" ], - "created": "2012-10-30T09:53:33.000+10:00", "kind": "alert", "original": "Oct 30 09:53:33 1,2012/10/30 09:53:33,01606001116,THREAT,spyware,1,2012/04/10 04:37:28,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:33,23497,1,80,58849,0,0,0x200000,tcp,drop-all-packets,\"controller.php\",Bredolab.Gen Command and Control Traffic(13024),any,critical,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -7308,7 +7264,7 @@ ] }, { - "@timestamp": "2012-04-10T04:37:32.000+10:00", + "@timestamp": "2012-10-30T09:53:38.000+10:00", "destination": { "domain": "www.15min.it", "geo": { @@ -7337,7 +7293,6 @@ "threat", "network" ], - "created": "2012-10-30T09:53:38.000+10:00", "kind": "alert", "original": "Oct 30 09:53:38 1,2012/10/30 09:53:38,01606001116,THREAT,url,1,2012/04/10 04:37:32,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:32,23711,1,58856,80,0,0,0x200000,tcp,block-url,\"www.15min.it/\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Canada,0,", "outcome": "failure", @@ -7472,7 +7427,7 @@ } }, { - "@timestamp": "2012-04-10T04:37:27.000+10:00", + "@timestamp": "2012-10-30T09:53:48.000+10:00", "destination": { "domain": "tubemov.com", "geo": { 
@@ -7501,7 +7456,6 @@ "threat", "network" ], - "created": "2012-10-30T09:53:48.000+10:00", "kind": "alert", "original": "Oct 30 09:53:48 1,2012/10/30 09:53:48,01606001116,THREAT,url,1,2012/04/10 04:37:27,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:27,23659,1,58847,80,0,0,0x200000,tcp,block-url,\"tubemov.com/\",(9999),adult-and-pornography,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -7636,7 +7590,7 @@ } }, { - "@timestamp": "2012-04-10T04:37:25.000+10:00", + "@timestamp": "2012-10-30T09:53:58.000+10:00", "destination": { "domain": "pagesinxt.com", "geo": { @@ -7665,7 +7619,6 @@ "threat", "network" ], - "created": "2012-10-30T09:53:58.000+10:00", "kind": "alert", "original": "Oct 30 09:53:58 1,2012/10/30 09:53:58,01606001116,THREAT,url,1,2012/04/10 04:37:25,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:25,23782,1,58841,80,0,0,0x200000,tcp,block-url,\"pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Virgin Islands British,0,", "outcome": "failure", @@ -7801,7 +7754,7 @@ } }, { - "@timestamp": "2012-04-10T04:37:05.000+10:00", + "@timestamp": "2012-10-30T09:55:23.000+10:00", "destination": { "domain": "movfree.com", "geo": { 
@@ -7830,7 +7783,6 @@ "threat", "network" ], - "created": "2012-10-30T09:55:23.000+10:00", "kind": "alert", "original": "Oct 30 09:55:23 1,2012/10/30 09:55:23,01606001116,THREAT,url,1,2012/04/10 04:37:05,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:37:06,23239,1,58795,80,0,0,0x200000,tcp,block-url,\"movfree.com/\",(9999),spyware-and-adware,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -7965,7 +7917,7 @@ } }, { - "@timestamp": "2012-04-10T04:36:51.000+10:00", + "@timestamp": "2012-10-30T09:56:23.000+10:00", "destination": { "domain": "gometascan.com", "geo": { @@ -7994,7 +7946,6 @@ "threat", "network" ], - "created": "2012-10-30T09:56:23.000+10:00", "kind": "alert", "original": "Oct 30 09:56:23 1,2012/10/30 09:56:23,01606001116,THREAT,url,1,2012/04/10 04:36:51,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:52,22479,1,58753,80,0,0,0x200000,tcp,block-url,\"gometascan.com/\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -8129,7 +8080,7 @@ } }, { - "@timestamp": "2012-04-10T04:36:39.000+10:00", + "@timestamp": "2012-10-30T09:57:33.000+10:00", "destination": { "domain": "antivirus-powerful-scannerv2.com", "geo": { 
@@ -8158,7 +8109,6 @@ "threat", "network" ], - "created": "2012-10-30T09:57:33.000+10:00", "kind": "alert", "original": "Oct 30 09:57:33 1,2012/10/30 09:57:33,01606001116,THREAT,url,1,2012/04/10 04:36:39,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:40,21458,1,58708,80,0,0,0x200000,tcp,block-url,\"antivirus-powerful-scannerv2.com/download/Install_11-1.exe\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -8294,7 +8244,7 @@ } }, { - "@timestamp": "2012-04-10T04:36:38.000+10:00", + "@timestamp": "2012-10-30T09:57:38.000+10:00", "destination": { "domain": "antivirus-powerful-scannerv2.com", "geo": { @@ -8323,7 +8273,6 @@ "threat", "network" ], - "created": "2012-10-30T09:57:38.000+10:00", "kind": "alert", "original": "Oct 30 09:57:38 1,2012/10/30 09:57:38,01606001116,THREAT,url,1,2012/04/10 04:36:38,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:39,21577,1,58707,80,0,0,0x200000,tcp,block-url,\"antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -8459,7 +8408,7 @@ } }, { - "@timestamp": "2012-04-10T04:36:27.000+10:00", + "@timestamp": "2013-03-25T23:58:52.000+10:00", "destination": { "domain": "basdzsdas.com", "geo": { 
@@ -8488,7 +8437,6 @@ "threat", "network" ], - "created": "2013-03-25T23:58:52.000+10:00", "kind": "alert", "original": "Mar 25 23:58:52 1,2013/03/25 23:58:52,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,\"basdzsdas.com/poker/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -8624,7 +8572,7 @@ } }, { - "@timestamp": "2012-04-10T04:36:27.000+10:00", + "@timestamp": "2013-03-25T23:58:52.000+10:00", "destination": { "domain": "basdzsdas.com", "geo": { @@ -8653,7 +8601,6 @@ "threat", "network" ], - "created": "2013-03-25T23:58:52.000+10:00", "kind": "alert", "original": "Mar 25 23:58:52 1,2013/03/25 23:58:52,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,\"basdzsdas.com/poker/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -8789,7 +8736,7 @@ } }, { - "@timestamp": "2012-04-10T04:19:59.000+10:00", + "@timestamp": "2013-03-25T23:58:57.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -8810,7 +8757,6 @@ "threat", "network" ], - "created": "2013-03-25T23:58:57.000+10:00", "kind": "alert", "original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,file,1,2012/04/10 04:19:59,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,\"uLLGRaXP.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -8947,7 +8893,7 @@ ] }, { - "@timestamp": "2012-04-10T04:36:27.000+10:00", + "@timestamp": "2013-03-25T23:58:57.000+10:00", "destination": { "domain": "basdzsdas.com", "geo": { @@ -8976,7 +8922,6 @@ "threat", "network" ], - "created": "2013-03-25T23:58:57.000+10:00", "kind": "alert", "original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,url,1,2012/04/10 04:36:27,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:36:28,21487,1,58603,80,0,0,0x200000,tcp,block-url,\"basdzsdas.com/poker/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -9112,7 +9057,7 @@ } }, { - "@timestamp": "2012-04-10T04:51:29.000+10:00", + "@timestamp": "2013-03-25T23:59:07.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -9133,7 +9078,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:07.000+10:00", "kind": "alert", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,file,1,2012/04/10 04:51:29,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:51:34,37983,1,80,61220,0,0,0x200000,tcp,deny,\"FunkyEmoticons_setup.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,European Union,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -9270,7 +9214,7 @@ ] }, { - "@timestamp": "2012-04-10T04:54:33.000+10:00", + "@timestamp": "2013-03-25T23:59:07.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -9291,7 +9235,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:07.000+10:00", "kind": "alert", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,file,1,2012/04/10 04:54:33,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:54:38,41989,1,80,61726,0,0,0x200000,tcp,deny,\"52hxw.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,China,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -9428,7 +9371,7 @@ ] }, { - "@timestamp": "2012-04-10T05:01:00.000+10:00", + "@timestamp": "2013-03-25T23:59:07.000+10:00", "destination": { "domain": "softsellfast.com", "geo": { 
@@ -9457,7 +9400,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:07.000+10:00", "kind": "alert", "original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,01606001116,THREAT,url,1,2012/04/10 05:01:00,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 05:01:00,49238,1,63007,80,0,0,0x200000,tcp,block-url,\"softsellfast.com/test/config.bin\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -9593,7 +9535,7 @@ } }, { - "@timestamp": "2012-04-10T04:45:17.000+10:00", + "@timestamp": "2013-03-25T23:59:12.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -9614,7 +9556,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:12.000+10:00", "kind": "alert", "original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,file,1,2012/04/10 04:45:17,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:45:23,21592,1,80,60212,0,0,0x200000,tcp,deny,\"setup.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,Netherlands,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -9751,7 +9692,7 @@ ] }, { - "@timestamp": "2012-04-10T04:46:16.000+10:00", + "@timestamp": "2013-03-25T23:59:12.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -9772,7 +9713,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:12.000+10:00", "kind": "alert", "original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,file,1,2012/04/10 04:46:16,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:46:22,33760,1,80,60392,0,0,0x200000,tcp,deny,\"Live-Player_setup.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,European Union,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -9909,7 +9849,7 @@ ] }, { - "@timestamp": "2012-04-10T04:42:39.000+10:00", + "@timestamp": "2013-03-25T23:59:12.000+10:00", "destination": { "domain": "boialex.narod.ru", "geo": { @@ -9938,7 +9878,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:12.000+10:00", "kind": "alert", "original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:39,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:39,28723,1,59709,80,0,0,0x200000,tcp,block-url,\"boialex.narod.ru/config.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", "outcome": "failure", @@ -10074,7 +10013,7 @@ } }, { - "@timestamp": "2012-04-10T04:42:42.000+10:00", + "@timestamp": "2013-03-25T23:59:12.000+10:00", "destination": { "domain": "edw-melon.narod.ru", "geo": { 
@@ -10103,7 +10042,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:12.000+10:00", "kind": "alert", "original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:42,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:42,28932,1,59721,80,0,0,0x200000,tcp,block-url,\"edw-melon.narod.ru/config.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", "outcome": "failure", @@ -10239,7 +10177,7 @@ } }, { - "@timestamp": "2012-04-10T04:42:51.000+10:00", + "@timestamp": "2013-03-25T23:59:12.000+10:00", "destination": { "domain": "maximtushin.narod.ru", "geo": { @@ -10268,7 +10206,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:12.000+10:00", "kind": "alert", "original": "Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:51,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:51,28953,1,59752,80,0,0,0x200000,tcp,block-url,\"maximtushin.narod.ru/config.txt\",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0,", "outcome": "failure", @@ -10404,7 +10341,7 @@ } }, { - "@timestamp": "2012-04-10T04:19:59.000+10:00", + "@timestamp": "2013-03-25T23:59:17.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -10425,7 +10362,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:17.000+10:00", "kind": "alert", "original": "Mar 25 23:59:17 1,2013/03/25 23:59:17,01606001116,THREAT,file,1,2012/04/10 04:19:59,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,\"uLLGRaXP.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -10562,7 +10498,7 @@ ] }, { - "@timestamp": "2012-04-10T04:09:01.000+10:00", + "@timestamp": "2013-03-25T23:59:22.000+10:00", "destination": { "domain": "marketingsoluchion.biz", "geo": { @@ -10591,7 +10527,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:22.000+10:00", "kind": "alert", "original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,THREAT,url,1,2012/04/10 04:09:01,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:09:01,55402,1,63183,80,0,0,0x200000,tcp,block-url,\"marketingsoluchion.biz/fkn/config.bin\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "failure", @@ -10727,7 +10662,7 @@ } }, { - "@timestamp": "2012-04-09T08:18:27.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "city_name": "Changchun", @@ -10755,7 +10690,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:27,192.168.0.6,175.16.199.1,0.0.0.0,0.0.0.0,rule1,jordy,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:32,25217,1,1047,80,0,0,0x200000,tcp,alert,\"default.aspx\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "success", 
@@ -10885,7 +10819,7 @@ } }, { - "@timestamp": "2012-04-09T08:18:29.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -10906,7 +10840,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:29,175.16.199.1,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:34,25653,1,80,1039,0,0,0x200000,tcp,alert,\"sck.aspx\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -11040,7 +10973,7 @@ ] }, { - "@timestamp": "2012-04-09T08:18:32.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -11061,7 +10994,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:32,175.16.199.1,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:37,25717,3,80,1064,0,0,0x200000,tcp,alert,\"ADSAdClient31.dll\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -11195,7 +11127,7 @@ ] }, { - "@timestamp": "2012-04-09T08:18:33.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "city_name": "Changchun", 
@@ -11223,7 +11155,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:33,192.168.0.6,175.16.199.1,0.0.0.0,0.0.0.0,rule1,jordy,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:38,25290,1,1048,80,0,0,0x200000,tcp,alert,\"c.gif\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "success", @@ -11353,7 +11284,7 @@ } }, { - "@timestamp": "2012-04-09T08:18:37.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -11374,7 +11305,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:37,175.16.199.1,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:42,25932,1,80,1071,0,0,0x200000,tcp,alert,\"csi\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -11508,7 +11438,7 @@ ] }, { - "@timestamp": "2012-04-09T08:50:12.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "city_name": "Changchun", @@ -11536,7 +11466,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:50:12,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,picard,,pandora,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:50:17,28264,1,57502,80,0,0,0x200000,tcp,alert,\"internal-tuner.pandora.com\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "success", 
@@ -11666,7 +11595,7 @@ } }, { - "@timestamp": "2012-04-09T08:58:18.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -11687,7 +11616,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:58:18,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:58:22,29312,1,80,57876,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -11821,7 +11749,7 @@ ] }, { - "@timestamp": "2012-04-09T08:22:27.000+10:00", + "@timestamp": "2013-03-25T23:59:32.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -11842,7 +11770,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:32.000+10:00", "kind": "alert", "original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,file,1,2012/04/09 08:22:27,175.16.199.1,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:22:31,26747,1,80,1082,0,0,0x200000,tcp,deny,\"about.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,Ukraine,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -11979,7 +11906,7 @@ ] }, { - "@timestamp": "2012-04-09T07:11:43.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -12000,7 +11927,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:11:43,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:11:48,19205,1,80,50986,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -12134,7 +12060,7 @@ ] }, { - "@timestamp": "2012-04-09T07:14:02.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -12155,7 +12081,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:14:02,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:14:07,19360,1,80,51716,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -12289,7 +12214,7 @@ ] }, { - "@timestamp": "2012-04-09T07:14:39.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -12310,7 +12235,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:14:39,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:14:44,19696,1,80,52119,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", 
@@ -12444,7 +12368,7 @@ ] }, { - "@timestamp": "2012-04-09T07:16:03.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -12465,7 +12389,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:16:03,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:16:08,19679,1,80,52411,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -12599,7 +12522,7 @@ ] }, { - "@timestamp": "2012-04-09T07:18:14.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "city_name": "Changchun", @@ -12627,7 +12550,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:18:14,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,picard,,google-analytics,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:18:19,19448,1,52366,80,0,0,0x200000,tcp,alert,\"__utm.gif\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "success", @@ -12757,7 +12679,7 @@ } }, { - "@timestamp": "2012-04-09T07:25:04.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -12778,7 +12700,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:25:04,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:25:09,20422,1,80,53026,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -12912,7 +12833,7 @@ ] }, { - "@timestamp": "2012-04-09T07:36:04.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -12933,7 +12854,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 07:36:04,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 07:36:09,21267,1,80,53809,0,0,0x200000,tcp,alert,\"nav_logo107.png\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -13067,7 +12987,7 @@ ] }, { - "@timestamp": "2012-04-09T08:08:08.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -13088,7 +13008,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:08:08,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:08:13,24567,1,80,55912,0,0,0x200000,tcp,alert,\"Eadweard_Muybridge\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", 
@@ -13222,7 +13141,7 @@ ] }, { - "@timestamp": "2012-04-09T08:08:44.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -13243,7 +13162,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:08:44,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:08:49,24646,1,80,55916,0,0,0x200000,tcp,alert,\"load.php\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -13377,7 +13295,7 @@ ] }, { - "@timestamp": "2012-04-09T08:16:57.000+10:00", + "@timestamp": "2013-03-25T23:59:37.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -13398,7 +13316,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:37.000+10:00", "kind": "alert", "original": "Mar 25 23:59:37 1,2013/03/25 23:59:37,01606001116,THREAT,data,1,2012/04/09 08:16:57,175.16.199.1,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:17:01,25874,1,80,1046,0,0,0x200000,tcp,reset-both,\"8fe44cb728c0f40750c64ee906eb72.css\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -13532,7 +13449,7 @@ ] }, { - "@timestamp": "2012-04-09T04:06:41.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -13553,7 +13470,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 04:06:41,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:06:46,2175,1,80,61734,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -13687,7 +13603,7 @@ ] }, { - "@timestamp": "2012-04-09T04:12:52.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -13708,7 +13624,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 04:12:52,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:12:57,3046,1,80,62292,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -13842,7 +13757,7 @@ ] }, { - "@timestamp": "2012-04-09T06:07:49.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -13863,7 +13778,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:07:49,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,rss,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:07:54,1560,1,80,64669,0,0,0x200000,tcp,alert,\"appcast.xml\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", 
@@ -13997,7 +13911,7 @@ ] }, { - "@timestamp": "2012-04-09T06:48:44.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -14018,7 +13932,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:48:44,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:48:48,16852,1,80,65265,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -14152,7 +14065,7 @@ ] }, { - "@timestamp": "2012-04-09T06:48:59.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -14173,7 +14086,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:48:59,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:49:05,15948,1,80,64979,0,0,0x200000,tcp,alert,\"csi\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -14307,7 +14219,7 @@ ] }, { - "@timestamp": "2012-04-09T06:50:14.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -14328,7 +14240,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:50:14,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:50:19,17028,1,80,49432,0,0,0x200000,tcp,alert,\"index.php\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -14462,7 +14373,7 @@ ] }, { - "@timestamp": "2012-04-09T06:51:34.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -14483,7 +14394,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:51:34,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:51:39,15878,1,80,49722,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -14617,7 +14527,7 @@ ] }, { - "@timestamp": "2012-04-09T06:53:41.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "city_name": "Changchun", @@ -14645,7 +14555,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:53:41,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,picard,,google-analytics,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:53:47,16602,1,49681,80,0,0,0x200000,tcp,alert,\"__utm.gif\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "success", 
@@ -14775,7 +14684,7 @@ } }, { - "@timestamp": "2012-04-09T06:54:35.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -14796,7 +14705,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:54:35,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:54:41,17433,1,80,50108,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -14930,7 +14838,7 @@ ] }, { - "@timestamp": "2012-04-09T06:54:55.000+10:00", + "@timestamp": "2013-03-25T23:59:42.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -14951,7 +14859,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:42.000+10:00", "kind": "alert", "original": "Mar 25 23:59:42 1,2013/03/25 23:59:42,01606001116,THREAT,data,1,2012/04/09 06:54:55,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,picard,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 06:55:00,17104,1,80,50387,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -15085,7 +14992,7 @@ ] }, { - "@timestamp": "2012-04-09T03:44:49.000+10:00", + "@timestamp": "2013-03-25T23:59:47.000+10:00", "destination": { "geo": { "city_name": "Changchun", 
@@ -15113,7 +15020,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:44:49,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,jordy,,pandora,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:44:55,63706,1,59781,80,0,0,0x200000,tcp,alert,\"internal-tuner.pandora.com\",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "outcome": "success", @@ -15243,7 +15149,7 @@ } }, { - "@timestamp": "2012-04-09T03:45:45.000+10:00", + "@timestamp": "2013-03-25T23:59:47.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -15264,7 +15170,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:45:45,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:45:50,65257,1,80,60005,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -15398,7 +15303,7 @@ ] }, { - "@timestamp": "2012-04-09T03:49:17.000+10:00", + "@timestamp": "2013-03-25T23:59:47.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -15419,7 +15324,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:49:17,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:49:22,537,1,80,60443,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", 
@@ -15553,7 +15457,7 @@ ] }, { - "@timestamp": "2012-04-09T03:53:41.000+10:00", + "@timestamp": "2013-03-25T23:59:47.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -15574,7 +15478,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:53:41,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:53:45,914,1,80,60822,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -15708,7 +15611,7 @@ ] }, { - "@timestamp": "2012-04-09T03:55:23.000+10:00", + "@timestamp": "2013-03-25T23:59:47.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -15729,7 +15632,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:55:23,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:55:28,1475,1,80,61105,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -15863,7 +15765,7 @@ ] }, { - "@timestamp": "2012-04-09T03:55:52.000+10:00", + "@timestamp": "2013-03-25T23:59:47.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" 
@@ -15884,7 +15786,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 03:55:52,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-analytics,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 03:55:57,883,1,80,60782,0,0,0x200000,tcp,alert,\"ga.js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "success", @@ -16018,7 +15919,7 @@ ] }, { - "@timestamp": "2012-04-09T04:03:55.000+10:00", + "@timestamp": "2013-03-25T23:59:47.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -16039,7 +15940,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,data,1,2012/04/09 04:03:55,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,jordy,google-maps,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 04:04:00,1965,1,80,61470,0,0,0x200000,tcp,reset-both,\"js\",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -16173,7 +16073,7 @@ ] }, { - "@timestamp": "2012-04-10T04:19:59.000+10:00", + "@timestamp": "2013-03-25T23:58:57.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -16194,7 +16094,6 @@ "threat", "network" ], - "created": "2013-03-25T23:58:57.000+10:00", "kind": "alert", "original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,file,1,2012/04/10 04:19:59,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,\"C:\\path\\to\\uLLGRaXP.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", 
@@ -16332,7 +16231,7 @@ ] }, { - "@timestamp": "2012-04-10T04:19:59.000+10:00", + "@timestamp": "2013-03-25T23:58:57.000+10:00", "destination": { "geo": { "name": "192.168.0.0-192.168.255.255" @@ -16353,7 +16252,6 @@ "threat", "network" ], - "created": "2013-03-25T23:58:57.000+10:00", "kind": "alert", "original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,THREAT,file,1,2012/04/10 04:19:59,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,\"/path/to/uLLGRaXP.exe\",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0,", "outcome": "failure", @@ -16510,7 +16408,6 @@ "threat", "network" ], - "created": "2013-03-25T23:59:47.000+10:00", "kind": "alert", "original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,THREAT,url,1,2012/04/09 04:03:55,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,intranet\\\\schmidtdo,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:51,28953,1,59752,80,0,0,0x200000,tcp,alert,\"portal.azure.com/api/Telemetry\",(9999),computer-and-internet-info,informational,client-to-server,0,0x8000000000000000,192.168.0.0-192.168.255.255,United States,,text/plain,0,,,1,\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36\",,,\"https://portal.azure.com/\",,,,0,267,24,19,0,,de-fwpm1-spelle,,,,post,0,,0,2022/11/29 12:59:46,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\"computer-and-internet-info,low-risk\",9d9738ea-f704-4b0f-90cf-a62bcbad0236,542331861,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2022-11-29T13:00:01.051+01:00,,,,general-business,saas,browser-based,1,\"pervasive-use,is-saas,is-fedramp,is-hipaa,is-soc1,is-soc2,is-ip-based-restrictions\",windows-azure,windows-azure-base,yes,no", "outcome": "success", 
@@ -16748,7 +16645,6 @@ "threat", "network" ], - "created": "2023-06-07T23:59:47.000+10:00", "kind": "alert", "original": "Jun 07 23:59:47 1,2023/06/07 23:59:47,01606001116,THREAT,url,1,2012/04/09 04:03:55,175.16.199.1,192.168.0.2,0.0.0.0,0.0.0.0,rule1,intranet\\\\schmidtdo,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:51,28953,1,59752,80,0,0,0x200000,tcp,alert,\"portal.azure.com/api/Telemetry\",(9999),computer-and-internet-info,informational,client-to-server,0,0x8000000000000000,192.168.0.0-192.168.255.255,United States,,text/plain,0,,,1,\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36\",,,\"https://portal.azure.com/\",,,,0,267,24,19,0,,de-fwpm1-spelle,,,,post,0,,0,2022/11/29 12:59:46,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\" ADFS Servers,computer-and-internet-info,low-risk\",9d9738ea-f704-4b0f-90cf-a62bcbad0236,542331861,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2022-11-29T13:00:01.051+01:00,,,,general-business,saas,browser-based,1,\"pervasive-use,is-saas,is-fedramp,is-hipaa,is-soc1,is-soc2,is-ip-based-restrictions\",windows-azure,windows-azure-base,yes,no", "outcome": "success", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json index 6a85e28bfb5..cb8c65f9029 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -29,7 +29,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:59.000Z", "kind": "event", 
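Review bot: With `"created"` deleted from every expected document and nothing put in its place, these pipeline fixtures no longer assert `event.created` at all; the description says the field is now populated in the agent stream templates, which the pipeline tests do not execute, so a regression in that path (or an ingest step that later overwrites it) would pass this suite silently. The `@@ -1,7 +1,7 @@` and `@@ -29,7 +29,6 @@` hunks also show `@timestamp` moving to the PAN-OS receive time (`2012-10-30T09:46:12Z`) while `event.end` stays at `2012-04-10T04:39:59Z`, so `@timestamp` can now sit far from `event.start`/`event.end` for traffic logs; any detection rule or dashboard that treated `@timestamp` as the firewall's generated time should be repointed at `panw.panos.generated_time`, and a sentence saying so belongs in the README alongside the major-version note. Consider keeping one test that pins `event.created` (a system test, or a pipeline test whose input already carries a synthetic `event.created`) so the ECS semantics this change introduces stay covered.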
@@ -77,7 +76,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "11449", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -121,7 +122,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -149,7 +150,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:58.000Z", "kind": "event", @@ -197,7 +197,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25572", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -241,7 +243,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -269,7 +271,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:58.000Z", "kind": "event", @@ -317,7 +318,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26208", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -361,7 +364,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -389,7 +392,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:58.000Z", "kind": "event", @@ -437,7 +439,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "14931", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", 
@@ -481,7 +485,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -509,7 +513,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:58.000Z", "kind": "event", @@ -557,7 +560,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25544", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -601,7 +606,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -629,7 +634,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:58.000Z", "kind": "event", @@ -677,7 +681,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25308", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -721,7 +727,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -749,7 +755,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:58.000Z", "kind": "event", @@ -797,7 +802,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26376", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -841,7 +848,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 806, "geo": { 
@@ -869,7 +876,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:28.000Z", "kind": "event", @@ -917,7 +923,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25118", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -961,7 +969,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 806, "geo": { @@ -989,7 +997,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:28.000Z", "kind": "event", @@ -1037,7 +1044,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26146", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1081,7 +1090,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:58.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 806, "geo": { @@ -1109,7 +1118,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:28.000Z", "kind": "event", @@ -1157,7 +1165,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25272", + "generated_time": "2012-04-10T04:39:58.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1201,7 +1211,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -1229,7 +1239,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:58.000Z", "kind": "event", 
@@ -1277,7 +1286,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24069", + "generated_time": "2012-04-10T04:39:57.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1321,7 +1332,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -1349,7 +1360,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:57.000Z", "kind": "event", @@ -1397,7 +1407,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25848", + "generated_time": "2012-04-10T04:39:57.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1441,7 +1453,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -1469,7 +1481,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:57.000Z", "kind": "event", @@ -1517,7 +1528,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25179", + "generated_time": "2012-04-10T04:39:57.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1561,7 +1574,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "destination": { "bytes": 0, "geo": { @@ -1589,7 +1602,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:12.000Z", "duration": 0, "end": "2012-04-10T04:39:57.000Z", "kind": "event", 
@@ -1637,7 +1649,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25112", + "generated_time": "2012-04-10T04:39:57.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1681,7 +1695,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 806, "geo": { @@ -1709,7 +1723,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:27.000Z", "kind": "event", @@ -1757,7 +1770,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26161", + "generated_time": "2012-04-10T04:39:57.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1801,7 +1816,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:57.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 806, "geo": { @@ -1829,7 +1844,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:27.000Z", "kind": "event", @@ -1877,7 +1891,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26000", + "generated_time": "2012-04-10T04:39:57.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -1921,7 +1937,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 551, "geo": { @@ -1949,7 +1965,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 512000000000, "end": "2012-04-10T04:38:26.000Z", "kind": "event", 
@@ -1997,7 +2012,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "65184", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2041,7 +2058,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -2069,7 +2086,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:56.000Z", "kind": "event", @@ -2117,7 +2133,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26522", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2161,7 +2179,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -2189,7 +2207,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:56.000Z", "kind": "event", @@ -2237,7 +2254,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26067", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2281,7 +2300,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -2309,7 +2328,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:56.000Z", "kind": "event", 
@@ -2357,7 +2375,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26573", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2401,7 +2421,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -2429,7 +2449,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:56.000Z", "kind": "event", @@ -2477,7 +2496,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26894", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2521,7 +2542,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -2549,7 +2570,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:56.000Z", "kind": "event", @@ -2597,7 +2617,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25149", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2641,7 +2663,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 98, "geo": { @@ -2669,7 +2691,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:26.000Z", "kind": "event", 
@@ -2717,7 +2738,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25258", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2761,7 +2784,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 806, "geo": { @@ -2789,7 +2812,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:26.000Z", "kind": "event", @@ -2837,7 +2859,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25025", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -2881,7 +2905,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 806, "geo": { @@ -2909,7 +2933,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:26.000Z", "kind": "event", @@ -2957,7 +2980,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26138", + "generated_time": "2012-04-10T04:39:56.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3001,7 +3026,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -3029,7 +3054,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:56.000Z", "kind": "event", 
@@ -3077,7 +3101,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "27175", + "generated_time": "2012-04-10T04:39:55.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3121,7 +3147,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -3149,7 +3175,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:55.000Z", "kind": "event", @@ -3197,7 +3222,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26261", + "generated_time": "2012-04-10T04:39:55.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3241,7 +3268,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -3269,7 +3296,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:55.000Z", "kind": "event", @@ -3317,7 +3343,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25022", + "generated_time": "2012-04-10T04:39:55.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3361,7 +3389,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 504, "geo": { @@ -3389,7 +3417,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 125000000000, "end": "2012-04-10T04:39:55.000Z", "kind": "event", 
@@ -3437,7 +3464,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24027", + "generated_time": "2012-04-10T04:39:55.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3481,7 +3510,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000Z", + "@timestamp": "2012-10-30T09:46:17.000Z", "destination": { "bytes": 0, "geo": { @@ -3509,7 +3538,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:17.000Z", "duration": 0, "end": "2012-04-10T04:39:55.000Z", "kind": "event", @@ -3557,7 +3585,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26360", + "generated_time": "2012-04-10T04:39:55.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:17.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3601,7 +3631,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -3629,7 +3659,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:55.000Z", "kind": "event", @@ -3677,7 +3706,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26394", + "generated_time": "2012-04-10T04:39:55.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3721,7 +3752,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:55.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 9130, "geo": { @@ -3749,7 +3780,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:25.000Z", "kind": "event", 
@@ -3797,7 +3827,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24917", + "generated_time": "2012-04-10T04:39:55.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3841,7 +3873,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -3869,7 +3901,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:55.000Z", "kind": "event", @@ -3917,7 +3948,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "22860", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -3961,7 +3994,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -3989,7 +4022,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:54.000Z", "kind": "event", @@ -4037,7 +4069,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "14146", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4081,7 +4115,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -4109,7 +4143,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:54.000Z", "kind": "event", 
@@ -4157,7 +4190,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25876", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4201,7 +4236,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -4229,7 +4264,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:54.000Z", "kind": "event", @@ -4277,7 +4311,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24910", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4321,7 +4357,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -4349,7 +4385,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:54.000Z", "kind": "event", @@ -4397,7 +4432,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26862", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4441,7 +4478,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -4469,7 +4506,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:54.000Z", "kind": "event", 
@@ -4517,7 +4553,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26222", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4561,7 +4599,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -4589,7 +4627,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:54.000Z", "kind": "event", @@ -4637,7 +4674,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26329", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4681,7 +4720,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 111, "geo": { @@ -4709,7 +4748,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:24.000Z", "kind": "event", @@ -4754,7 +4792,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25142", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4789,7 +4829,7 @@ ] }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 906, "geo": { @@ -4817,7 +4857,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:24.000Z", "kind": "event", 
@@ -4865,7 +4904,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25095", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -4909,7 +4950,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 5013, "geo": { @@ -4937,7 +4978,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:24.000Z", "kind": "event", @@ -4982,7 +5022,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24787", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5017,7 +5059,7 @@ ] }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 99, "geo": { @@ -5045,7 +5087,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:24.000Z", "kind": "event", @@ -5093,7 +5134,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25948", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5137,7 +5180,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 902, "geo": { @@ -5165,7 +5208,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:24.000Z", "kind": "event", 
@@ -5213,7 +5255,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25444", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5257,7 +5301,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:54.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 141, "geo": { @@ -5285,7 +5329,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:24.000Z", "kind": "event", @@ -5330,7 +5373,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25349", + "generated_time": "2012-04-10T04:39:54.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5365,7 +5410,7 @@ ] }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:22.000Z", "destination": { "bytes": 0, "geo": { @@ -5393,7 +5438,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:22.000Z", "duration": 0, "end": "2012-04-10T04:39:54.000Z", "kind": "event", @@ -5441,7 +5485,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25713", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:22.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5485,7 +5531,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -5513,7 +5559,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:53.000Z", "kind": "event", 
@@ -5561,7 +5606,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26499", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5605,7 +5652,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -5633,7 +5680,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:53.000Z", "kind": "event", @@ -5681,7 +5727,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25437", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5725,7 +5773,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -5753,7 +5801,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:53.000Z", "kind": "event", @@ -5801,7 +5848,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24848", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5845,7 +5894,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 316, "geo": { @@ -5873,7 +5922,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:23.000Z", "kind": "event", 
@@ -5921,7 +5969,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24924", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -5965,7 +6015,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 121, "geo": { @@ -5993,7 +6043,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:23.000Z", "kind": "event", @@ -6041,7 +6090,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25899", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6085,7 +6136,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 169, "geo": { @@ -6113,7 +6164,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:23.000Z", "kind": "event", @@ -6161,7 +6211,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26066", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6205,7 +6257,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 954, "geo": { @@ -6233,7 +6285,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:23.000Z", "kind": "event", 
@@ -6281,7 +6332,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24908", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6325,7 +6378,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 9130, "geo": { @@ -6353,7 +6406,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 2000000000, "end": "2012-04-10T04:39:23.000Z", "kind": "event", @@ -6401,7 +6453,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25105", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6445,7 +6499,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 555, "geo": { @@ -6473,7 +6527,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 512000000000, "end": "2012-04-10T04:38:23.000Z", "kind": "event", @@ -6521,7 +6574,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "11964", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6565,7 +6620,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:53.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -6593,7 +6648,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:53.000Z", "kind": "event", 
@@ -6641,7 +6695,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26502", + "generated_time": "2012-04-10T04:39:53.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6685,7 +6741,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -6713,7 +6769,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:53.000Z", "kind": "event", @@ -6761,7 +6816,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26338", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6805,7 +6862,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -6833,7 +6890,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:52.000Z", "kind": "event", @@ -6881,7 +6937,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24919", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -6925,7 +6983,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -6953,7 +7011,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:52.000Z", "kind": "event", 
@@ -7001,7 +7058,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26731", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7045,7 +7104,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -7073,7 +7132,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:52.000Z", "kind": "event", @@ -7121,7 +7179,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26504", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7165,7 +7225,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -7193,7 +7253,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:52.000Z", "kind": "event", @@ -7241,7 +7300,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25543", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7285,7 +7346,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -7313,7 +7374,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:52.000Z", "kind": "event", 
@@ -7361,7 +7421,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "21948", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7405,7 +7467,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:27.000Z", "destination": { "bytes": 0, "geo": { @@ -7433,7 +7495,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:27.000Z", "duration": 0, "end": "2012-04-10T04:39:52.000Z", "kind": "event", @@ -7481,7 +7542,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26279", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:27.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7525,7 +7588,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 906, "geo": { @@ -7553,7 +7616,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:22.000Z", "kind": "event", @@ -7601,7 +7663,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24894", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7645,7 +7709,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:52.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 163, "geo": { @@ -7673,7 +7737,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:22.000Z", "kind": "event", 
@@ -7721,7 +7784,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24985", + "generated_time": "2012-04-10T04:39:52.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7765,7 +7830,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:51.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -7793,7 +7858,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:51.000Z", "kind": "event", @@ -7841,7 +7905,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25380", + "generated_time": "2012-04-10T04:39:51.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -7885,7 +7951,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:51.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -7913,7 +7979,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:51.000Z", "kind": "event", @@ -7961,7 +8026,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24994", + "generated_time": "2012-04-10T04:39:51.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8005,7 +8072,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:51.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -8033,7 +8100,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:51.000Z", "kind": "event", 
@@ -8081,7 +8147,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25451", + "generated_time": "2012-04-10T04:39:51.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8125,7 +8193,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:51.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 922, "geo": { @@ -8153,7 +8221,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:21.000Z", "kind": "event", @@ -8201,7 +8268,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24866", + "generated_time": "2012-04-10T04:39:51.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8245,7 +8314,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -8273,7 +8342,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:51.000Z", "kind": "event", @@ -8321,7 +8389,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26414", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8365,7 +8435,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -8393,7 +8463,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:50.000Z", "kind": "event", 
@@ -8441,7 +8510,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26131", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8485,7 +8556,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -8513,7 +8584,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:50.000Z", "kind": "event", @@ -8561,7 +8631,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26555", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8605,7 +8677,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -8633,7 +8705,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:50.000Z", "kind": "event", @@ -8681,7 +8752,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "15099", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8725,7 +8798,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 26786, "geo": { @@ -8753,7 +8826,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:20.000Z", "kind": "event", 
@@ -8801,7 +8873,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24980", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8845,7 +8919,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -8873,7 +8947,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:50.000Z", "kind": "event", @@ -8921,7 +8994,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26215", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -8965,7 +9040,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -8993,7 +9068,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:50.000Z", "kind": "event", @@ -9041,7 +9115,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25881", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9085,7 +9161,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 0, "geo": { @@ -9113,7 +9189,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:50.000Z", "kind": "event", 
@@ -9161,7 +9236,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24955", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9205,7 +9282,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:32.000Z", "destination": { "bytes": 169, "geo": { @@ -9223,7 +9300,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:32.000Z", "duration": 0, "end": "2012-04-10T04:39:20.000Z", "kind": "event", @@ -9271,7 +9347,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24961", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:32.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9315,7 +9393,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 9064, "geo": { @@ -9343,7 +9421,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 3000000000, "end": "2012-04-10T04:39:20.000Z", "kind": "event", @@ -9391,7 +9468,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24226", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9435,7 +9514,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 9124, "geo": { @@ -9463,7 +9542,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 7000000000, "end": "2012-04-10T04:39:20.000Z", "kind": "event", 
@@ -9511,7 +9589,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25129", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9555,7 +9635,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 137, "geo": { @@ -9573,7 +9653,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:20.000Z", "kind": "event", @@ -9621,7 +9700,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25194", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9665,7 +9746,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:50.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 93, "geo": { @@ -9683,7 +9764,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:20.000Z", "kind": "event", @@ -9731,7 +9811,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26257", + "generated_time": "2012-04-10T04:39:50.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9775,7 +9857,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -9803,7 +9885,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:49.000Z", "kind": "event", 
@@ -9851,7 +9932,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24561", + "generated_time": "2012-04-10T04:39:49.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -9895,7 +9978,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -9923,7 +10006,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:49.000Z", "kind": "event", @@ -9971,7 +10053,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26150", + "generated_time": "2012-04-10T04:39:49.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10015,7 +10099,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10043,7 +10127,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:49.000Z", "kind": "event", @@ -10091,7 +10174,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25676", + "generated_time": "2012-04-10T04:39:49.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10135,7 +10220,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10163,7 +10248,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:49.000Z", "kind": "event", 
@@ -10211,7 +10295,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25306", + "generated_time": "2012-04-10T04:39:49.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10255,7 +10341,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10283,7 +10369,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:49.000Z", "kind": "event", @@ -10331,7 +10416,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26411", + "generated_time": "2012-04-10T04:39:49.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10375,7 +10462,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10393,7 +10480,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:19.000Z", "kind": "event", @@ -10441,7 +10527,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "24844", + "generated_time": "2012-04-10T04:39:49.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10485,7 +10573,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:49.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10513,7 +10601,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:49.000Z", "kind": "event", 
@@ -10561,7 +10648,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26335", + "generated_time": "2012-04-10T04:39:49.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10605,7 +10694,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10633,7 +10722,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:48.000Z", "kind": "event", @@ -10681,7 +10769,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26127", + "generated_time": "2012-04-10T04:39:48.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10725,7 +10815,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10753,7 +10843,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:48.000Z", "kind": "event", @@ -10801,7 +10890,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25488", + "generated_time": "2012-04-10T04:39:48.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10845,7 +10936,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 0, "geo": { @@ -10873,7 +10964,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 0, "end": "2012-04-10T04:39:48.000Z", "kind": "event", 
@@ -10921,7 +11011,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25269", + "generated_time": "2012-04-10T04:39:48.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -10965,7 +11057,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000Z", + "@timestamp": "2012-10-30T09:46:37.000Z", "destination": { "bytes": 906, "geo": { @@ -10993,7 +11085,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:37.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:18.000Z", "kind": "event", @@ -11041,7 +11132,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25715", + "generated_time": "2012-04-10T04:39:48.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:37.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -11085,7 +11178,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:48.000Z", + "@timestamp": "2012-10-30T09:46:42.000Z", "destination": { "bytes": 0, "geo": { @@ -11113,7 +11206,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:42.000Z", "duration": 0, "end": "2012-04-10T04:39:48.000Z", "kind": "event", @@ -11161,7 +11253,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "26251", + "generated_time": "2012-04-10T04:39:48.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:42.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -11205,7 +11299,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:47.000Z", + "@timestamp": "2012-10-30T09:46:42.000Z", "destination": { "bytes": 0, "geo": { @@ -11233,7 +11327,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:42.000Z", "duration": 0, "end": "2012-04-10T04:39:48.000Z", "kind": "event", 
@@ -11281,7 +11374,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25871", + "generated_time": "2012-04-10T04:39:47.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:42.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -11325,7 +11420,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:47.000Z", + "@timestamp": "2012-10-30T09:46:42.000Z", "destination": { "bytes": 0, "geo": { @@ -11353,7 +11448,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:42.000Z", "duration": 0, "end": "2012-04-10T04:39:47.000Z", "kind": "event", @@ -11401,7 +11495,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25945", + "generated_time": "2012-04-10T04:39:47.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:42.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -11445,7 +11541,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:47.000Z", + "@timestamp": "2012-10-30T09:46:42.000Z", "destination": { "bytes": 0, "geo": { @@ -11463,7 +11559,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:42.000Z", "duration": 1000000000, "end": "2012-04-10T04:39:17.000Z", "kind": "event", @@ -11511,7 +11606,9 @@ "action": "allow", "action_flags": "0x0", "flow_id": "25310", + "generated_time": "2012-04-10T04:39:47.000Z", "log_profile": "forwardAll", + "received_time": "2012-10-30T09:46:42.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", @@ -11555,7 +11652,7 @@ } }, { - "@timestamp": "2012-04-10T04:39:47.000Z", + "@timestamp": "2012-10-30T09:46:42.000Z", "destination": { "bytes": 78, "geo": { @@ -11583,7 +11680,6 @@ "category": [ "network" ], - "created": "2012-10-30T09:46:42.000Z", "duration": 0, "end": "2012-04-10T04:39:47.000Z", "kind": "event", 
@@ -11631,7 +11727,9 @@
 "action": "allow",
 "action_flags": "0x0",
 "flow_id": "27111",
+ "generated_time": "2012-04-10T04:39:47.000Z",
 "log_profile": "forwardAll",
+ "received_time": "2012-10-30T09:46:42.000Z",
 "repeat_count": 1,
 "ruleset": "rule1",
 "sequence_number": "0",
@@ -11675,7 +11773,7 @@
 }
 },
 {
- "@timestamp": "2012-04-10T04:39:47.000Z",
+ "@timestamp": "2012-10-30T09:46:42.000Z",
 "destination": {
 "bytes": 78,
 "geo": {
@@ -11703,7 +11801,6 @@
 "category": [
 "network"
 ],
- "created": "2012-10-30T09:46:42.000Z",
 "duration": 0,
 "end": "2012-04-10T04:39:47.000Z",
 "kind": "event",
@@ -11751,7 +11848,9 @@
 "action": "allow",
 "action_flags": "0x0",
 "flow_id": "25398",
+ "generated_time": "2012-04-10T04:39:47.000Z",
 "log_profile": "forwardAll",
+ "received_time": "2012-10-30T09:46:42.000Z",
 "repeat_count": 1,
 "ruleset": "rule1",
 "sequence_number": "0",
@@ -11795,7 +11894,7 @@
 }
 },
 {
- "@timestamp": "2012-04-10T04:39:46.000Z",
+ "@timestamp": "2012-10-30T09:46:42.000Z",
 "destination": {
 "bytes": 0,
 "geo": {
@@ -11823,7 +11922,6 @@
 "category": [
 "network"
 ],
- "created": "2012-10-30T09:46:42.000Z",
 "duration": 0,
 "end": "2012-04-10T04:39:46.000Z",
 "kind": "event",
@@ -11871,7 +11969,9 @@
 "action": "allow",
 "action_flags": "0x0",
 "flow_id": "23898",
+ "generated_time": "2012-04-10T04:39:46.000Z",
 "log_profile": "forwardAll",
+ "received_time": "2012-10-30T09:46:42.000Z",
 "repeat_count": 1,
 "ruleset": "rule1",
 "sequence_number": "0",
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json
index 73dc2990809..cb2bff35481 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json
@@ -1,7 +1,7 @@
 {
 "expected": [
 {
- "@timestamp": "2012-04-10T04:39:58.000-05:00",
+ "@timestamp": "2012-10-30T09:46:12.000-05:00",
 "destination": {
 "bytes": 0,
 "geo": {
@@ -29,7 +29,6 @@
 "category": [
 "network"
 ],
- "created": "2012-10-30T09:46:12.000-05:00",
 "duration": 0,
 "end": "2012-04-10T04:39:59.000-05:00",
 "kind": "event",
@@ -169,7 +168,7 @@
 }
 },
 {
- "@timestamp": "2012-04-10T04:39:58.000-05:00",
+ "@timestamp": "2012-10-30T09:46:12.000-05:00",
 "destination": {
 "bytes": 0,
 "geo": {
@@ -197,7 +196,6 @@
 "category": [
 "network"
 ],
- "created": "2012-10-30T09:46:12.000-05:00",
 "duration": 0,
 "end": "2012-04-10T04:39:59.000-05:00",
 "kind": "event",
@@ -343,7 +341,7 @@
 }
 },
 {
- "@timestamp": "2012-04-10T04:39:58.000-05:00",
+ "@timestamp": "2012-10-30T09:46:12.000-05:00",
 "destination": {
 "bytes": 0,
 "geo": {
@@ -371,7 +369,6 @@
 "category": [
 "network"
 ],
- "created": "2012-10-30T09:46:12.000-05:00",
 "duration": 0,
 "end": "2012-04-10T04:39:59.000-05:00",
 "kind": "event",
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json
index 23a48b904a1..089f128c18f 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json
@@ -10,7 +10,6 @@
 "network"
 ],
 "code": "1000",
- "created": "2019-11-23T00:44:44.000+01:00",
 "kind": "event",
 "original": "1,2019/11/23 00:44:44,01234567890,IPTAG,login,2561,2019/11/23 00:44:44,vsys,81.2.69.142,tag-name,1000,1000,100,Data Source Name, Data Source Type,Data Source Subtype,1000,0x0,0,0,0,0,vsys-name,d-name,vsys-id,1970-01-01T01:00:00.000+01:00",
 "timezone": "+01:00"
@@ -36,6 +35,8 @@ "device_group_hierarchy2": "0", "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", + "generated_time": "2019-11-23T00:44:44.000+01:00", + "received_time": "2019-11-23T00:44:44.000+01:00", "repeat_count": 1000, "sequence_number": "1000", "sub_type": "login", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json index 3b85371a8e4..294dda2623e 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json @@ -26,7 +26,6 @@ "category": [ "network" ], - "created": "2019-10-09T10:20:15.000+05:30", "kind": "event", "original": "Nov 30 16:09:08 1,2019/10/09 10:20:15,001234567890002,SCTP,0,2304,2019/10/09 10:20:15,81.2.69.142,81.2.69.144,,,rule-name,,,,vsys,src-zone,dst-zone,inbound-int,outbound-int,log-action,,1000,1000,9550,9551,,,,,tcp,action,0,0,0,0,vsys-name,device-name,1000,,2000,payload-protocol-id,4,chunk-type,,tag-1,tag-2,100,dia-app-id,dia-cmd-code,dia-avp-code,sctp-stream-id,end-reason,100,SSN,SGT,filter,1,2,3,11,12,13,3000,1970-01-01T01:00:00.000+01:00", "timezone": "+05:30" diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json index 0794ceec50a..7e3c4649a07 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json 
@@ -10,7 +10,6 @@ "configuration" ], "code": "general", - "created": "2021-10-26T15:05:03.000Z", "kind": "event", "original": "1,2021/10/26 15:05:03,,SYSTEM,general,2561,2021/10/26 15:05:03,,general,,0,0,general,informational,\"Connection to Update server closed: updates.paloaltonetworks.com, source: 81.2.69.193\",1234567890,0x0,0,0,0,0,,PA-VM,0,0,2021-10-26T15:05:03.440-07:00", "severity": 5, @@ -34,8 +33,10 @@ "device_group_hierarchy2": "0", "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", + "generated_time": "2021-10-26T15:05:03.000Z", "high_resolution_timestamp": "2021-10-26T22:05:03.440Z", "module": "general", + "received_time": "2021-10-26T15:05:03.000Z", "sequence_number": "1234567890", "sub_type": "general", "type": "SYSTEM" @@ -60,7 +61,6 @@ "configuration" ], "code": "general", - "created": "2021-10-26T14:49:02.000Z", "kind": "event", "original": "1,2021/10/26 14:49:02,,SYSTEM,general,2561,2021/10/26 14:49:02,,general,,0,0,general,informational,\"Connection to Update server closed: updates.paloaltonetworks.com, source: 81.2.69.193\",1234567890,0x0,0,0,0,0,,PA-VM,0,0,2021-10-26T14:49:03.776-07:00", "severity": 5, @@ -84,8 +84,10 @@ "device_group_hierarchy2": "0", "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", + "generated_time": "2021-10-26T14:49:02.000Z", "high_resolution_timestamp": "2021-10-26T21:49:03.776Z", "module": "general", + "received_time": "2021-10-26T14:49:02.000Z", "sequence_number": "1234567890", "sub_type": "general", "type": "SYSTEM" @@ -110,7 +112,6 @@ "configuration" ], "code": "general", - "created": "2023-10-04T09:51:20.000Z", "kind": "event", "original": "1,2023/10/04 09:51:20,007058000248010,SYSTEM,general,2816,2023/10/04 09:51:21,,general,,0,0,general,informational,\"Connection to Update server: updates.paloaltonetworks.com completed successfully, initiated by 192.168.0.15\",7286123782408765862,0x0,0,0,0,0,,PA-VM,0,0,2023-10-04T09:51:21.211-07:00", "severity": 5, 
@@ -135,8 +136,10 @@ "device_group_hierarchy2": "0", "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", + "generated_time": "2023-10-04T09:51:21.000Z", "high_resolution_timestamp": "2023-10-04T16:51:21.211Z", "module": "general", + "received_time": "2023-10-04T09:51:20.000Z", "sequence_number": "7286123782408765862", "sub_type": "general", "type": "SYSTEM" @@ -161,7 +164,6 @@ "configuration" ], "code": "rasmgr-config-p2-success", - "created": "2023-10-04T09:49:30.000Z", "kind": "event", "original": "1,2023/10/04 09:49:30,007058000248010,SYSTEM,ras,2816,2023/10/04 09:49:31,,rasmgr-config-p2-success,,0,0,general,informational,\"RASMGR daemon configuration load phase-2 succeeded.\",7286123782408765849,0x0,0,0,0,0,,PA-VM,0,0,2023-10-04T09:49:31.372-07:00", "severity": 5, @@ -186,8 +188,10 @@ "device_group_hierarchy2": "0", "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", + "generated_time": "2023-10-04T09:49:31.000Z", "high_resolution_timestamp": "2023-10-04T16:49:31.372Z", "module": "general", + "received_time": "2023-10-04T09:49:30.000Z", "sequence_number": "7286123782408765849", "sub_type": "ras", "type": "SYSTEM" @@ -212,7 +216,6 @@ "configuration" ], "code": "ike-config-p2-success", - "created": "2023-10-04T09:49:30.000Z", "kind": "event", "original": "1,2023/10/04 09:49:30,007058000248010,SYSTEM,vpn,2816,2023/10/04 09:49:31,,ike-config-p2-success,,0,0,general,informational,\"IKE daemon configuration load phase-2 succeeded.\",7286123782408765846,0x0,0,0,0,0,,PA-VM,0,0,2023-10-04T09:49:31.363-07:00", "severity": 5, @@ -237,8 +240,10 @@ "device_group_hierarchy2": "0", "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", + "generated_time": "2023-10-04T09:49:31.000Z", "high_resolution_timestamp": "2023-10-04T16:49:31.363Z", "module": "general", + "received_time": "2023-10-04T09:49:30.000Z", "sequence_number": "7286123782408765846", "sub_type": "vpn", "type": "SYSTEM" 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json index 3f10bb54ca5..758e47799a6 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json @@ -34,7 +34,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -91,6 +90,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28191", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -103,6 +103,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -194,7 +195,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28219,1,52983,443,28249,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7727,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -251,6 +251,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28219", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -263,6 +264,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -354,7 +356,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,27723,1,52986,443,63898,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7728,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -411,6 +412,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "27723", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -423,6 +425,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -514,7 +517,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28172,1,52985,443,7515,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7729,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -571,6 +573,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28172", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -583,6 +586,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -674,7 +678,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28151,1,52987,443,3225,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7730,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -731,6 +734,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28151", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -743,6 +747,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -834,7 +839,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28076,1,52988,443,60449,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7731,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -891,6 +895,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28076", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -903,6 +908,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -994,7 +1000,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28173,1,52990,443,60559,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7732,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -1051,6 +1056,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28173", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -1063,6 +1069,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -1154,7 +1161,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28186,1,52989,443,47414,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7733,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -1211,6 +1217,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28186", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -1223,6 +1230,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -1314,7 +1322,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28192,1,52992,443,37673,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7734,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -1371,6 +1378,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28192", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -1383,6 +1391,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -1474,7 +1483,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,27011,1,52991,443,8232,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7735,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -1531,6 +1539,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "27011", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -1543,6 +1552,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -1634,7 +1644,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28240,1,52994,443,32982,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7736,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -1691,6 +1700,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28240", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -1703,6 +1713,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -1794,7 +1805,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28143,1,52993,443,10473,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7737,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -1851,6 +1861,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28143", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -1863,6 +1874,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -1954,7 +1966,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28272,1,52995,443,20446,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7738,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -2011,6 +2022,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28272", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -2023,6 +2035,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -2114,7 +2127,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28146,1,52996,443,34699,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7739,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -2171,6 +2183,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28146", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -2183,6 +2196,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -2274,7 +2288,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:36.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28278,1,52997,443,22820,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7740,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -2331,6 +2344,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28278", + "generated_time": "2018-11-30T16:44:36.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:36.000+09:30", @@ -2343,6 +2357,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:36.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -2434,7 +2449,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:37.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28185,1,52998,443,41060,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7741,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -2491,6 +2505,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28185", + "generated_time": "2018-11-30T16:44:37.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:37.000+09:30", @@ -2503,6 +2518,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:37.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -2594,7 +2610,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:37.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28201,1,52999,443,9058,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7742,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -2651,6 +2666,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28201", + "generated_time": "2018-11-30T16:44:37.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:37.000+09:30", @@ -2663,6 +2679,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:37.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -2754,7 +2771,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:37.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28148,1,53001,443,54846,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7743,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -2811,6 +2827,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28148", + "generated_time": "2018-11-30T16:44:37.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:37.000+09:30", @@ -2823,6 +2840,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:37.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -2914,7 +2932,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:37.000+09:30", "kind": "alert", "original": "Nov 30 16:44:37 PA-220 1,2018/11/30 16:44:37,012801096514,THREAT,url,2049,2018/11/30 16:44:37,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:37,28121,1,53002,443,52731,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7744,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -2971,6 +2988,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28121", + "generated_time": "2018-11-30T16:44:37.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:37.000+09:30", @@ -2983,6 +3001,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:37.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -3074,7 +3093,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:38.000+09:30", "kind": "alert", "original": "Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28228,1,53003,443,15165,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7745,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -3131,6 +3149,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28228", + "generated_time": "2018-11-30T16:44:38.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:38.000+09:30", @@ -3143,6 +3162,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:38.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -3234,7 +3254,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:38.000+09:30", "kind": "alert", "original": "Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28196,1,53004,443,53918,443,0x403000,tcp,block-url,\"b.scorecardresearch.com/\",(9999),business-and-economy,informational,client-to-server,7746,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -3291,6 +3310,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28196", + "generated_time": "2018-11-30T16:44:38.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:38.000+09:30", @@ -3303,6 +3323,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:38.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -3394,7 +3415,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:38.000+09:30", "kind": "alert", "original": "Nov 30 16:44:38 PA-220 1,2018/11/30 16:44:38,012801096514,THREAT,url,2049,2018/11/30 16:44:38,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:38,28007,1,53000,443,40792,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7747,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -3451,6 +3471,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28007", + "generated_time": "2018-11-30T16:44:38.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:38.000+09:30", @@ -3463,6 +3484,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:38.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -3554,7 +3576,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:46.000+09:30", "kind": "alert", "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28117,1,53006,443,54044,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7748,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -3611,6 +3632,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28117", + "generated_time": "2018-11-30T16:44:46.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:44:46.000+09:30", @@ -3623,6 +3645,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:44:46.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -3714,7 +3737,6 @@ "threat", "network" ], - "created": "2018-11-30T16:44:46.000+09:30", "kind": "alert", "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28109,1,53007,443,19544,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7749,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -3771,6 +3793,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28109",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -3783,6 +3806,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -3874,7 +3898,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28260,1,53008,443,13462,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7750,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -3931,6 +3954,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28260",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -3943,6 +3967,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -4034,7 +4059,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28275,1,53010,443,44892,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7752,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -4091,6 +4115,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28275",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -4103,6 +4128,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -4194,7 +4220,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28266,1,53011,443,16487,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7753,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -4251,6 +4276,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28266",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -4263,6 +4289,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -4354,7 +4381,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28294,1,53012,443,23952,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7754,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -4411,6 +4437,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28294",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -4423,6 +4450,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -4514,7 +4542,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28248,1,53013,443,2810,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7755,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -4571,6 +4598,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28248",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -4583,6 +4611,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -4674,7 +4703,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:46 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28274,1,53014,443,13272,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7756,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -4731,6 +4759,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28274",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -4743,6 +4772,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -4834,7 +4864,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28285,1,53022,443,8663,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7762,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -4891,6 +4920,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28285",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -4903,6 +4933,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -4994,7 +5025,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28306,1,53023,443,55738,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7763,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -5051,6 +5081,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28306",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -5063,6 +5094,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -5154,7 +5186,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28116,1,53024,443,10650,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7764,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -5211,6 +5242,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28116",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -5223,6 +5255,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -5314,7 +5347,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28214,1,53025,443,44087,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7765,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -5371,6 +5403,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28214",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -5383,6 +5416,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -5474,7 +5508,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:46.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:47 PA-220 1,2018/11/30 16:44:46,012801096514,THREAT,url,2049,2018/11/30 16:44:46,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:46,28080,1,53026,443,15915,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7766,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -5531,6 +5564,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28080",
+ "generated_time": "2018-11-30T16:44:46.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:46.000+09:30",
@@ -5543,6 +5577,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:46.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -5634,7 +5669,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:53.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:53 PA-220 1,2018/11/30 16:44:53,012801096514,THREAT,url,2049,2018/11/30 16:44:53,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:53,28318,1,53041,443,41165,443,0x403000,tcp,block-url,\"cdn.taboola.com/\",(9999),business-and-economy,informational,client-to-server,7768,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -5691,6 +5725,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28318",
+ "generated_time": "2018-11-30T16:44:53.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:53.000+09:30",
@@ -5703,6 +5738,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:53.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -5794,7 +5830,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:54.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:54 PA-220 1,2018/11/30 16:44:54,012801096514,THREAT,url,2049,2018/11/30 16:44:54,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:54,28300,1,53040,443,54133,443,0x403000,tcp,block-url,\"rules.quantcount.com/\",(9999),business-and-economy,informational,client-to-server,7769,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -5851,6 +5886,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28300",
+ "generated_time": "2018-11-30T16:44:54.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:54.000+09:30",
@@ -5863,6 +5899,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:54.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -5954,7 +5991,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:58.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28339,1,53093,443,8485,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7770,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -6011,6 +6047,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28339",
+ "generated_time": "2018-11-30T16:44:58.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:58.000+09:30",
@@ -6023,6 +6060,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:58.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -6114,7 +6152,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:58.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28299,1,53094,443,12496,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7771,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -6171,6 +6208,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28299",
+ "generated_time": "2018-11-30T16:44:58.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:58.000+09:30",
@@ -6183,6 +6221,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:58.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -6274,7 +6313,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:58.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28303,1,53095,443,17029,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7772,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -6331,6 +6369,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28303",
+ "generated_time": "2018-11-30T16:44:58.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:58.000+09:30",
@@ -6343,6 +6382,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:58.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -6434,7 +6474,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:58.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:59 PA-220 1,2018/11/30 16:44:58,012801096514,THREAT,url,2049,2018/11/30 16:44:58,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:58,28390,1,53096,443,23696,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7773,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -6491,6 +6530,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28390",
+ "generated_time": "2018-11-30T16:44:58.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:58.000+09:30",
@@ -6503,6 +6543,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:58.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -6594,7 +6635,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:59.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28433,1,53097,443,34769,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7774,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -6651,6 +6691,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28433",
+ "generated_time": "2018-11-30T16:44:59.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:59.000+09:30",
@@ -6663,6 +6704,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:59.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -6754,7 +6796,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:59.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28380,1,53099,443,22486,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7775,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -6811,6 +6852,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28380",
+ "generated_time": "2018-11-30T16:44:59.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:59.000+09:30",
@@ -6823,6 +6865,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:59.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -6914,7 +6957,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:59.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:44:59,012801096514,THREAT,url,2049,2018/11/30 16:44:59,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:59,28363,1,53100,443,12894,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7776,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -6971,6 +7013,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28363",
+ "generated_time": "2018-11-30T16:44:59.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:59.000+09:30",
@@ -6983,6 +7026,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:59.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -7074,7 +7118,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:00.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28349,1,53101,443,62348,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7777,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -7131,6 +7174,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28349",
+ "generated_time": "2018-11-30T16:45:00.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:00.000+09:30",
@@ -7143,6 +7187,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:00.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -7234,7 +7279,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:00.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28411,1,53104,443,6224,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7778,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -7291,6 +7335,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28411",
+ "generated_time": "2018-11-30T16:45:00.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:00.000+09:30",
@@ -7303,6 +7348,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:00.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -7394,7 +7440,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:00.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28397,1,53107,443,44120,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7779,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -7451,6 +7496,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28397",
+ "generated_time": "2018-11-30T16:45:00.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:00.000+09:30",
@@ -7463,6 +7509,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:00.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -7554,7 +7601,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:00.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28347,1,53108,443,44228,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7780,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -7611,6 +7657,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28347",
+ "generated_time": "2018-11-30T16:45:00.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:00.000+09:30",
@@ -7623,6 +7670,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:00.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -7714,7 +7762,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:00.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:00 PA-220 1,2018/11/30 16:45:00,012801096514,THREAT,url,2049,2018/11/30 16:45:00,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:00,28443,1,53109,443,31322,443,0x403000,tcp,block-url,\"srv-2018-11-30-22.config.parsely.com/\",(9999),business-and-economy,informational,client-to-server,7781,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -7771,6 +7818,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28443",
+ "generated_time": "2018-11-30T16:45:00.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:00.000+09:30",
@@ -7783,6 +7831,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:00.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -7874,7 +7923,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:13.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:14 PA-220 1,2018/11/30 16:45:13,012801096514,THREAT,url,2049,2018/11/30 16:45:13,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:13,28439,1,53118,443,1672,443,0x403000,tcp,block-url,\"www.googleadservices.com/\",(9999),business-and-economy,informational,client-to-server,7782,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -7931,6 +7979,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28439",
+ "generated_time": "2018-11-30T16:45:13.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:13.000+09:30",
@@ -7943,6 +7992,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:13.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -8034,7 +8084,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:15.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,25958,1,53126,443,20801,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7783,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -8091,6 +8140,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "25958",
+ "generated_time": "2018-11-30T16:45:15.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:15.000+09:30",
@@ -8103,6 +8153,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:15.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -8194,7 +8245,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:45:15.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28429,1,53127,443,24533,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7784,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -8251,6 +8301,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28429",
+ "generated_time": "2018-11-30T16:45:15.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:45:15.000+09:30",
@@ -8263,6 +8314,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:45:15.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -8354,7 +8406,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:15.000+09:30", "kind": "alert", "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28465,1,53128,443,30150,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7785,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -8411,6 +8462,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28465", + "generated_time": "2018-11-30T16:45:15.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:15.000+09:30", @@ -8423,6 +8475,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:15.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -8514,7 +8567,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:15.000+09:30", "kind": "alert", "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:15,012801096514,THREAT,url,2049,2018/11/30 16:45:15,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:15,28504,1,53129,443,36305,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7786,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -8571,6 +8623,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28504", + "generated_time": "2018-11-30T16:45:15.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:15.000+09:30", @@ -8583,6 +8636,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:15.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -8674,7 +8728,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:16.000+09:30", "kind": "alert", "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28458,1,53130,443,42682,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7787,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -8731,6 +8784,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28458", + "generated_time": "2018-11-30T16:45:16.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:16.000+09:30", @@ -8743,6 +8797,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:16.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -8834,7 +8889,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:16.000+09:30", "kind": "alert", "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28491,1,53131,443,22530,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7788,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -8891,6 +8945,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28491", + "generated_time": "2018-11-30T16:45:16.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:16.000+09:30", @@ -8903,6 +8958,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:16.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -8994,7 +9050,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:16.000+09:30", "kind": "alert", "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28520,1,53132,443,43713,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7789,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -9051,6 +9106,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28520", + "generated_time": "2018-11-30T16:45:16.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:16.000+09:30", @@ -9063,6 +9119,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:16.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -9154,7 +9211,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:16.000+09:30", "kind": "alert", "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28335,1,53133,443,60608,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7790,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -9211,6 +9267,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28335", + "generated_time": "2018-11-30T16:45:16.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:16.000+09:30", @@ -9223,6 +9280,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:16.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -9314,7 +9372,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:16.000+09:30", "kind": "alert", "original": "Nov 30 16:45:16 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28414,1,53134,443,9302,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7791,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -9371,6 +9428,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28414", + "generated_time": "2018-11-30T16:45:16.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:16.000+09:30", @@ -9383,6 +9441,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:16.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -9474,7 +9533,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:16.000+09:30", "kind": "alert", "original": "Nov 30 16:45:17 PA-220 1,2018/11/30 16:45:16,012801096514,THREAT,url,2049,2018/11/30 16:45:16,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:16,28488,1,53135,443,11634,443,0x403000,tcp,block-url,\"service.maxymiser.net/\",(9999),business-and-economy,informational,client-to-server,7792,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -9531,6 +9589,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28488", + "generated_time": "2018-11-30T16:45:16.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:16.000+09:30", @@ -9543,6 +9602,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:16.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -9634,7 +9694,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:26.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28469,1,53152,443,30818,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7793,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -9691,6 +9750,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28469", + "generated_time": "2018-11-30T16:45:26.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:26.000+09:30", @@ -9703,6 +9763,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:26.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -9794,7 +9855,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:26.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28556,1,53155,443,64260,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7794,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -9851,6 +9911,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28556", + "generated_time": "2018-11-30T16:45:26.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:26.000+09:30", @@ -9863,6 +9924,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:26.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -9954,7 +10016,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:26.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28558,1,53158,443,7071,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7795,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -10011,6 +10072,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28558", + "generated_time": "2018-11-30T16:45:26.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:26.000+09:30", @@ -10023,6 +10085,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:26.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -10114,7 +10177,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:26.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28531,1,53160,443,4512,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7796,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -10171,6 +10233,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28531", + "generated_time": "2018-11-30T16:45:26.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:26.000+09:30", @@ -10183,6 +10246,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:26.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -10274,7 +10338,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:26.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:26,012801096514,THREAT,url,2049,2018/11/30 16:45:26,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:26,28580,1,53161,443,3422,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7797,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -10331,6 +10394,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28580", + "generated_time": "2018-11-30T16:45:26.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:26.000+09:30", @@ -10343,6 +10407,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:26.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -10434,7 +10499,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:27.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28477,1,53162,443,4651,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7798,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -10491,6 +10555,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28477", + "generated_time": "2018-11-30T16:45:27.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:27.000+09:30", @@ -10503,6 +10568,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:27.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -10594,7 +10660,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:27.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28484,1,53163,443,19068,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7799,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -10651,6 +10716,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28484", + "generated_time": "2018-11-30T16:45:27.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:27.000+09:30", @@ -10663,6 +10729,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:27.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -10754,7 +10821,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:27.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28609,1,53164,443,5831,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7800,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -10811,6 +10877,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28609", + "generated_time": "2018-11-30T16:45:27.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:27.000+09:30", @@ -10823,6 +10890,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:27.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -10914,7 +10982,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:27.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28564,1,53165,443,7084,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7801,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -10971,6 +11038,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28564", + "generated_time": "2018-11-30T16:45:27.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:27.000+09:30", @@ -10983,6 +11051,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:27.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -11074,7 +11143,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:27.000+09:30", "kind": "alert", "original": "Nov 30 16:45:27 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28542,1,53166,443,18633,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7802,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -11131,6 +11199,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28542", + "generated_time": "2018-11-30T16:45:27.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:27.000+09:30", @@ -11143,6 +11212,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:27.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -11234,7 +11304,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:27.000+09:30", "kind": "alert", "original": "Nov 30 16:45:28 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28590,1,53167,443,25557,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7803,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -11291,6 +11360,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28590", + "generated_time": "2018-11-30T16:45:27.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:27.000+09:30", @@ -11303,6 +11373,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:27.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -11394,7 +11465,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:27.000+09:30", "kind": "alert", "original": "Nov 30 16:45:28 PA-220 1,2018/11/30 16:45:27,012801096514,THREAT,url,2049,2018/11/30 16:45:27,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:27,28455,1,53150,443,20661,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7804,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -11451,6 +11521,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28455", + "generated_time": "2018-11-30T16:45:27.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:27.000+09:30", @@ -11463,6 +11534,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:27.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -11554,7 +11626,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:28.000+09:30", "kind": "alert", "original": "Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28585,1,53185,443,65438,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7805,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -11611,6 +11682,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28585", + "generated_time": "2018-11-30T16:45:28.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:28.000+09:30", @@ -11623,6 +11695,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:28.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -11714,7 +11787,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:28.000+09:30", "kind": "alert", "original": "Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28462,1,53187,443,53101,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7806,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -11771,6 +11843,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28462", + "generated_time": "2018-11-30T16:45:28.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:28.000+09:30", @@ -11783,6 +11856,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:28.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -11874,7 +11948,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:28.000+09:30", "kind": "alert", "original": "Nov 30 16:45:29 PA-220 1,2018/11/30 16:45:28,012801096514,THREAT,url,2049,2018/11/30 16:45:28,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:28,28839,1,53188,443,35463,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7807,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", 
@@ -11931,6 +12004,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28839", + "generated_time": "2018-11-30T16:45:28.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:28.000+09:30", @@ -11943,6 +12017,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:28.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { @@ -12034,7 +12109,6 @@ "threat", "network" ], - "created": "2018-11-30T16:45:29.000+09:30", "kind": "alert", "original": "Nov 30 16:45:30 PA-220 1,2018/11/30 16:45:29,012801096514,THREAT,url,2049,2018/11/30 16:45:29,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:45:29,28400,1,53178,443,45769,443,0x403000,tcp,block-url,\"segment-data.zqtk.net/\",(9999),business-and-economy,informational,client-to-server,7808,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,", "outcome": "failure", @@ -12091,6 +12165,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "28400", + "generated_time": "2018-11-30T16:45:29.000+09:30", "imsi": "0", "log_profile": "send_to_mac", "logged_time": "2018-11-30T16:45:29.000+09:30", @@ -12103,6 +12178,7 @@ "id": "0" }, "payload_protocol_id": "4294967295", + "received_time": "2018-11-30T16:45:29.000+09:30", "repeat_count": 1, "ruleset": "new_outbound_from_trust", "sctp": { 
@@ -12193,7 +12269,6 @@ "threat", "network" ], - "created": "2021-11-16T16:24:30.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:24:30,007051000184334,THREAT,virus,2561,2021/11/16 16:24:30,89.160.20.156,67.43.156.12,81.2.69.193,67.43.156.12,LAn-TO-WAn,,,web-browsing,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:24:30,1450,2,51360,36524,37704,36524,0x502000,tcp,reset-both,\"browser\",Virus/Linux.example(419149938),medium-risk,medium,server-to-client,7031297127854637094,0x0,United States,China,,,0,,,1,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,elf,Antivirus-3901-4412,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:24:30.762-08:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,web-browsing,no,no", "outcome": "failure", @@ -12264,6 +12339,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1450", + "generated_time": "2021-11-16T16:24:30.000+09:30", "high_resolution_timestamp": "2021-11-17T09:54:30.762+09:30", "http2_connection": "0", "imsi": "0", @@ -12279,6 +12355,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:24:30.000+09:30", "repeat_count": 2, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -12381,7 +12458,6 @@ "threat", "network" ], - "created": "2021-11-16T16:24:05.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:24:05,007051000184334,THREAT,virus,2561,2021/11/16 16:24:05,89.160.20.156,67.43.156.12,81.2.69.193,67.43.156.12,LAn-TO-WAn,,,web-browsing,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:24:05,1451,1,51361,36524,24986,36524,0x502000,tcp,reset-both,\"browser\",Virus/Linux.example(419149938),medium-risk,medium,server-to-client,7031297127854637092,0x0,United States,China,,,0,,,1,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,elf,Antivirus-3901-4412,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:24:05.837-08:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,web-browsing,no,no", "outcome": "failure", @@ -12452,6 +12528,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1451", + "generated_time": "2021-11-16T16:24:05.000+09:30", "high_resolution_timestamp": "2021-11-17T09:54:05.837+09:30", "http2_connection": "0", "imsi": "0", @@ -12467,6 +12544,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:24:05.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -12569,7 +12647,6 @@ "threat", "network" ], - "created": "2021-11-16T16:23:55.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:23:55,007051000184334,THREAT,spyware,2561,2021/11/16 16:23:55,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:23:55,1448,1,59738,53,4993,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637090,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:23:55.782-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -12636,6 +12713,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1448", + "generated_time": "2021-11-16T16:23:55.000+09:30", "high_resolution_timestamp": "2021-11-17T09:53:55.782+09:30", "http2_connection": "0", "imsi": "0", @@ -12651,6 +12729,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:23:55.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -12753,7 +12832,6 @@ "threat", "network" ], - "created": "2021-11-16T16:19:45.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:19:45,007051000184334,THREAT,spyware,2561,2021/11/16 16:19:45,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:19:45,1401,1,59189,53,53300,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637088,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:19:45.724-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -12817,6 +12895,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1401", + "generated_time": "2021-11-16T16:19:45.000+09:30", "high_resolution_timestamp": "2021-11-17T09:49:45.724+09:30", "http2_connection": "0", "imsi": "0", @@ -12832,6 +12911,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:19:45.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -12934,7 +13014,6 @@ "threat", "network" ], - "created": "2021-11-16T16:13:19.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:13:19,007051000184334,THREAT,spyware,2561,2021/11/16 16:13:19,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:13:19,1290,1,59141,53,11524,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637082,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:13:19.974-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -13001,6 +13080,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1290", + "generated_time": "2021-11-16T16:13:19.000+09:30", "high_resolution_timestamp": "2021-11-17T09:43:19.974+09:30", "http2_connection": "0", "imsi": "0", @@ -13016,6 +13096,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:13:19.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -13118,7 +13199,6 @@ "threat", "network" ], - "created": "2021-11-16T16:12:04.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:12:04,007051000184334,THREAT,spyware,2561,2021/11/16 16:12:04,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:12:04,1275,1,59707,53,8970,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637081,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:12:05.774-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -13185,6 +13265,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1275", + "generated_time": "2021-11-16T16:12:04.000+09:30", "high_resolution_timestamp": "2021-11-17T09:42:05.774+09:30", "http2_connection": "0", "imsi": "0", @@ -13200,6 +13281,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:12:04.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -13302,7 +13384,6 @@ "threat", "network" ], - "created": "2021-11-16T16:11:24.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:11:24,007051000184334,THREAT,spyware,2561,2021/11/16 16:11:24,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:11:24,1263,1,57732,53,4137,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637080,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:11:25.659-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -13369,6 +13450,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1263", + "generated_time": "2021-11-16T16:11:24.000+09:30", "high_resolution_timestamp": "2021-11-17T09:41:25.659+09:30", "http2_connection": "0", "imsi": "0", @@ -13384,6 +13466,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:11:24.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -13486,7 +13569,6 @@ "threat", "network" ], - "created": "2021-11-16T16:11:04.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:11:04,007051000184334,THREAT,spyware,2561,2021/11/16 16:11:04,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:11:04,1257,1,58456,53,3450,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637079,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:11:05.657-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -13553,6 +13635,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1257", + "generated_time": "2021-11-16T16:11:04.000+09:30", "high_resolution_timestamp": "2021-11-17T09:41:05.657+09:30", "http2_connection": "0", "imsi": "0", @@ -13568,6 +13651,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:11:04.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -13670,7 +13754,6 @@ "threat", "network" ], - "created": "2021-11-16T16:10:44.000+09:30", "kind": "alert", "original": "1,2021/11/16 16:10:44,007051000184334,THREAT,spyware,2561,2021/11/16 16:10:44,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 16:10:44,1245,1,57998,53,16281,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637078,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T16:10:45.653-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -13734,6 +13817,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "1245", + "generated_time": "2021-11-16T16:10:44.000+09:30", "high_resolution_timestamp": "2021-11-17T09:40:45.653+09:30", "http2_connection": "0", "imsi": "0", @@ -13749,6 +13833,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T16:10:44.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -13851,7 +13936,6 @@ "threat", "network" ], - "created": "2021-11-16T15:40:32.000+09:30", "kind": "alert", "original": "1,2021/11/16 15:40:32,007051000184334,THREAT,spyware,2561,2021/11/16 15:40:32,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 15:40:32,972,1,59108,53,8224,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637069,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T15:40:32.221-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -13915,6 +13999,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "972", + "generated_time": "2021-11-16T15:40:32.000+09:30", "high_resolution_timestamp": "2021-11-17T09:10:32.221+09:30", "http2_connection": "0", "imsi": "0", @@ -13930,6 +14015,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T15:40:32.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -14032,7 +14118,6 @@ "threat", "network" ], - "created": "2021-11-16T15:30:17.000+09:30", "kind": "alert", "original": "1,2021/11/16 15:30:17,007051000184334,THREAT,spyware,2561,2021/11/16 15:30:17,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 15:30:17,881,1,59495,53,8571,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637066,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T15:30:17.132-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -14096,6 +14181,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "881", + "generated_time": "2021-11-16T15:30:17.000+09:30", "high_resolution_timestamp": "2021-11-17T09:00:17.132+09:30", "http2_connection": "0", "imsi": "0", @@ -14111,6 +14197,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T15:30:17.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -14213,7 +14300,6 @@ "threat", "network" ], - "created": "2021-11-16T15:25:06.000+09:30", "kind": "alert", "original": "1,2021/11/16 15:25:06,007051000184334,THREAT,spyware,2561,2021/11/16 15:25:06,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 15:25:06,827,1,59091,53,43821,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637063,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T15:25:07.057-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -14280,6 +14366,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "827", + "generated_time": "2021-11-16T15:25:06.000+09:30", "high_resolution_timestamp": "2021-11-17T08:55:07.057+09:30", "http2_connection": "0", "imsi": "0", @@ -14295,6 +14382,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T15:25:06.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -14397,7 +14485,6 @@ "threat", "network" ], - "created": "2021-11-16T15:23:56.000+09:30", "kind": "alert", "original": "1,2021/11/16 15:23:56,007051000184334,THREAT,spyware,2561,2021/11/16 15:23:56,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 15:23:56,810,1,59200,53,50584,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637058,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T15:23:57.037-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -14464,6 +14551,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "810", + "generated_time": "2021-11-16T15:23:56.000+09:30", "high_resolution_timestamp": "2021-11-17T08:53:57.037+09:30", "http2_connection": "0", "imsi": "0", @@ -14479,6 +14567,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T15:23:56.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -14581,7 +14670,6 @@ "threat", "network" ], - "created": "2021-11-16T15:23:11.000+09:30", "kind": "alert", "original": "1,2021/11/16 15:23:11,007051000184334,THREAT,spyware,2561,2021/11/16 15:23:11,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 15:23:11,799,1,58689,53,16219,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637057,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T15:23:12.026-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -14648,6 +14736,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "799", + "generated_time": "2021-11-16T15:23:11.000+09:30", "high_resolution_timestamp": "2021-11-17T08:53:12.026+09:30", "http2_connection": "0", "imsi": "0", @@ -14663,6 +14752,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T15:23:11.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -14765,7 +14855,6 @@ "threat", "network" ], - "created": "2021-11-16T15:22:56.000+09:30", "kind": "alert", "original": "1,2021/11/16 15:22:56,007051000184334,THREAT,spyware,2561,2021/11/16 15:22:56,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 15:22:56,789,1,59276,53,32921,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7031297127854637056,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T15:22:57.024-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -14829,6 +14918,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "789", + "generated_time": "2021-11-16T15:22:56.000+09:30", "high_resolution_timestamp": "2021-11-17T08:52:57.024+09:30", "http2_connection": "0", "imsi": "0", @@ -14844,6 +14934,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T15:22:56.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -14951,7 +15042,6 @@ "threat", "network" ], - "created": "2021-11-16T11:29:34.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:29:34,007051000184334,THREAT,spyware,2561,2021/11/16 11:29:34,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:29:34,49252,1,58941,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735140,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:29:34.357-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -15014,6 +15104,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "49252", + "generated_time": "2021-11-16T11:29:34.000+09:30", "high_resolution_timestamp": "2021-11-17T04:59:34.357+09:30", "http2_connection": "0", "imsi": "0", @@ -15024,6 +15115,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:29:34.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -15124,7 +15216,6 @@ "threat", "network" ], - "created": "2021-11-16T11:29:34.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:29:34,007051000184334,THREAT,spyware,2561,2021/11/16 11:29:34,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:29:34,49251,1,58941,53,39925,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735139,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:29:34.356-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -15191,6 +15282,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "49251", + "generated_time": "2021-11-16T11:29:34.000+09:30", "high_resolution_timestamp": "2021-11-17T04:59:34.356+09:30", "http2_connection": "0", "imsi": "0", @@ -15206,6 +15298,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:29:34.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -15313,7 +15406,6 @@ "threat", "network" ], - "created": "2021-11-16T11:29:29.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:29:29,007051000184334,THREAT,spyware,2561,2021/11/16 11:29:29,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:29:29,49250,1,59424,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735138,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:29:29.356-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -15376,6 +15468,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "49250", + "generated_time": "2021-11-16T11:29:29.000+09:30", "high_resolution_timestamp": "2021-11-17T04:59:29.356+09:30", "http2_connection": "0", "imsi": "0", @@ -15386,6 +15479,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:29:29.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -15486,7 +15580,6 @@ "threat", "network" ], - "created": "2021-11-16T11:29:24.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:29:24,007051000184334,THREAT,spyware,2561,2021/11/16 11:29:24,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:29:24,49248,1,59424,53,47554,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735137,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:29:24.620-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -15550,6 +15643,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "49248", + "generated_time": "2021-11-16T11:29:24.000+09:30", "high_resolution_timestamp": "2021-11-17T04:59:24.620+09:30", "http2_connection": "0", "imsi": "0", @@ -15565,6 +15659,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:29:24.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -15672,7 +15767,6 @@ "threat", "network" ], - "created": "2021-11-16T11:17:58.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:17:58,007051000184334,THREAT,spyware,2561,2021/11/16 11:17:58,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:17:58,48952,1,57439,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735054,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:17:58.973-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -15735,6 +15829,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48952", + "generated_time": "2021-11-16T11:17:58.000+09:30", "high_resolution_timestamp": "2021-11-17T04:47:58.973+09:30", "http2_connection": "0", "imsi": "0", @@ -15745,6 +15840,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:17:58.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -15845,7 +15941,6 @@ "threat", "network" ], - "created": "2021-11-16T11:17:53.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:17:53,007051000184334,THREAT,spyware,2561,2021/11/16 11:17:53,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:17:53,48947,1,57439,53,16531,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735053,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:17:53.974-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -15912,6 +16007,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48947", + "generated_time": "2021-11-16T11:17:53.000+09:30", "high_resolution_timestamp": "2021-11-17T04:47:53.974+09:30", "http2_connection": "0", "imsi": "0", @@ -15927,6 +16023,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:17:53.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -16034,7 +16131,6 @@ "threat", "network" ], - "created": "2021-11-16T11:17:43.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:17:43,007051000184334,THREAT,spyware,2561,2021/11/16 11:17:43,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:17:43,48919,2,58744,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735044,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:17:43.973-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -16097,6 +16193,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48919", + "generated_time": "2021-11-16T11:17:43.000+09:30", "high_resolution_timestamp": "2021-11-17T04:47:43.973+09:30", "http2_connection": "0", "imsi": "0", @@ -16107,6 +16204,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:17:43.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -16207,7 +16305,6 @@ "threat", "network" ], - "created": "2021-11-16T11:17:38.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:17:38,007051000184334,THREAT,spyware,2561,2021/11/16 11:17:38,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:17:38,48918,2,58744,53,24963,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735038,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:17:38.972-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -16274,6 +16371,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48918", + "generated_time": "2021-11-16T11:17:38.000+09:30", "high_resolution_timestamp": "2021-11-17T04:47:38.972+09:30", "http2_connection": "0", "imsi": "0", @@ -16289,6 +16387,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:17:38.000+09:30", "repeat_count": 2, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -16396,7 +16495,6 @@ "threat", "network" ], - "created": "2021-11-16T11:17:38.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:17:38,007051000184334,THREAT,spyware,2561,2021/11/16 11:17:38,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:17:38,48917,1,57421,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735031,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:17:38.971-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -16459,6 +16557,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48917", + "generated_time": "2021-11-16T11:17:38.000+09:30", "high_resolution_timestamp": "2021-11-17T04:47:38.971+09:30", "http2_connection": "0", "imsi": "0", @@ -16469,6 +16568,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:17:38.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -16569,7 +16669,6 @@ "threat", "network" ], - "created": "2021-11-16T11:17:33.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:17:33,007051000184334,THREAT,spyware,2561,2021/11/16 11:17:33,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:17:33,48916,1,57421,53,62251,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104735030,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:17:34.473-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -16636,6 +16735,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48916", + "generated_time": "2021-11-16T11:17:33.000+09:30", "high_resolution_timestamp": "2021-11-17T04:47:34.473+09:30", "http2_connection": "0", "imsi": "0", @@ -16651,6 +16751,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:17:33.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -16758,7 +16859,6 @@ "threat", "network" ], - "created": "2021-11-16T11:15:08.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:15:08,007051000184334,THREAT,spyware,2561,2021/11/16 11:15:08,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:15:08,48826,1,57689,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734979,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:15:08.911-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -16821,6 +16921,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48826", + "generated_time": "2021-11-16T11:15:08.000+09:30", "high_resolution_timestamp": "2021-11-17T04:45:08.911+09:30", "http2_connection": "0", "imsi": "0", @@ -16831,6 +16932,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:15:08.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -16931,7 +17033,6 @@ "threat", "network" ], - "created": "2021-11-16T11:15:08.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:15:08,007051000184334,THREAT,spyware,2561,2021/11/16 11:15:08,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:15:08,48823,1,57689,53,49041,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734977,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:15:08.910-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -16998,6 +17099,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48823", + "generated_time": "2021-11-16T11:15:08.000+09:30", "high_resolution_timestamp": "2021-11-17T04:45:08.910+09:30", "http2_connection": "0", "imsi": "0", @@ -17013,6 +17115,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:15:08.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -17120,7 +17223,6 @@ "threat", "network" ], - "created": "2021-11-16T11:14:58.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:14:58,007051000184334,THREAT,spyware,2561,2021/11/16 11:14:58,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:14:58,48816,2,59499,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734973,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:14:58.908-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -17183,6 +17285,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48816", + "generated_time": "2021-11-16T11:14:58.000+09:30", "high_resolution_timestamp": "2021-11-17T04:44:58.908+09:30", "http2_connection": "0", "imsi": "0", @@ -17193,6 +17296,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:14:58.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -17293,7 +17397,6 @@ "threat", "network" ], - "created": "2021-11-16T11:14:53.000+09:30", "kind": "alert", "original": "1,2021/11/16 11:14:53,007051000184334,THREAT,spyware,2561,2021/11/16 11:14:53,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:14:53,48808,2,59499,53,8453,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734970,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:14:53.909-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -17360,6 +17463,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "48808", + "generated_time": "2021-11-16T11:14:53.000+09:30", "high_resolution_timestamp": "2021-11-17T04:44:53.909+09:30", "http2_connection": "0", "imsi": "0", @@ -17375,6 +17479,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T11:14:53.000+09:30", "repeat_count": 2, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -17482,7 +17587,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:14:48.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:14:48,007051000184334,THREAT,spyware,2561,2021/11/16 11:14:48,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:14:48,48804,1,58167,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734965,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:14:49.372-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -17545,6 +17649,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48804",
+ "generated_time": "2021-11-16T11:14:48.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:44:49.372+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -17555,6 +17660,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:14:48.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -17660,7 +17766,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:14:13.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:14:13,007051000184334,THREAT,spyware,2561,2021/11/16 11:14:13,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:14:13,48794,1,57362,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734964,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:14:13.900-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -17723,6 +17828,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48794",
+ "generated_time": "2021-11-16T11:14:13.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:44:13.900+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -17733,6 +17839,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:14:13.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -17833,7 +17940,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:14:08.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:14:08,007051000184334,THREAT,spyware,2561,2021/11/16 11:14:08,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:14:08,48793,1,57362,53,8723,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734963,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:14:08.899-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -17900,6 +18006,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48793",
+ "generated_time": "2021-11-16T11:14:08.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:44:08.899+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -17915,6 +18022,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:14:08.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -18022,7 +18130,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:14:03.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:14:03,007051000184334,THREAT,spyware,2561,2021/11/16 11:14:03,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:14:03,48792,1,59250,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734962,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:14:04.367-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -18085,6 +18192,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48792",
+ "generated_time": "2021-11-16T11:14:03.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:44:04.367+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -18095,6 +18203,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:14:03.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -18195,7 +18304,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:14:03.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:14:03,007051000184334,THREAT,spyware,2561,2021/11/16 11:14:03,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:14:03,48789,1,59250,53,61084,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734961,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:14:04.366-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -18262,6 +18370,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48789",
+ "generated_time": "2021-11-16T11:14:03.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:44:04.366+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -18277,6 +18386,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:14:03.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -18384,7 +18494,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:13:48.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:13:48,007051000184334,THREAT,spyware,2561,2021/11/16 11:13:48,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:13:48,48786,1,58572,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734960,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:13:48.897-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -18447,6 +18556,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48786",
+ "generated_time": "2021-11-16T11:13:48.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:43:48.897+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -18457,6 +18567,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:13:48.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -18557,7 +18668,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:13:43.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:13:43,007051000184334,THREAT,spyware,2561,2021/11/16 11:13:43,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:13:43,48776,1,58572,53,38616,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734959,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:13:43.900-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -18624,6 +18734,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48776",
+ "generated_time": "2021-11-16T11:13:43.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:43:43.900+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -18639,6 +18750,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:13:43.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -18746,7 +18858,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:13:43.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:13:43,007051000184334,THREAT,spyware,2561,2021/11/16 11:13:43,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:13:43,48775,1,57763,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734954,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:13:43.900-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -18809,6 +18920,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48775",
+ "generated_time": "2021-11-16T11:13:43.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:43:43.900+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -18819,6 +18931,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:13:43.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -18919,7 +19032,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:13:38.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:13:38,007051000184334,THREAT,spyware,2561,2021/11/16 11:13:38,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:13:38,48773,1,57763,53,39403,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734953,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:13:39.364-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -18983,6 +19095,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48773",
+ "generated_time": "2021-11-16T11:13:38.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:43:39.364+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -18998,6 +19111,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:13:38.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -19105,7 +19219,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:08:38.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:08:38,007051000184334,THREAT,spyware,2561,2021/11/16 11:08:38,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:08:38,48682,1,59303,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734926,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:08:38.865-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -19168,6 +19281,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48682",
+ "generated_time": "2021-11-16T11:08:38.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:38:38.865+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -19178,6 +19292,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:08:38.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -19278,7 +19393,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:08:33.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:08:33,007051000184334,THREAT,spyware,2561,2021/11/16 11:08:33,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:08:33,48681,1,59303,53,38104,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734925,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:08:33.864-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -19345,6 +19459,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48681",
+ "generated_time": "2021-11-16T11:08:33.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:38:33.864+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -19360,6 +19475,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:08:33.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -19467,7 +19583,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:08:28.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:08:28,007051000184334,THREAT,spyware,2561,2021/11/16 11:08:28,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:08:28,48680,1,59271,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734924,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:08:28.863-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -19530,6 +19645,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48680",
+ "generated_time": "2021-11-16T11:08:28.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:38:28.863+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -19540,6 +19656,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:08:28.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -19640,7 +19757,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:08:23.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:08:23,007051000184334,THREAT,spyware,2561,2021/11/16 11:08:23,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:08:23,48679,1,59271,53,51838,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734923,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:08:24.296-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -19707,6 +19823,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48679",
+ "generated_time": "2021-11-16T11:08:23.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:38:24.296+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -19722,6 +19839,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:08:23.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -19829,7 +19947,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:07:23.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:07:23,007051000184334,THREAT,spyware,2561,2021/11/16 11:07:23,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:07:23,48657,1,58570,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734917,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:07:23.829-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -19892,6 +20009,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48657",
+ "generated_time": "2021-11-16T11:07:23.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:37:23.829+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -19902,6 +20020,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:07:23.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -20002,7 +20121,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:07:23.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:07:23,007051000184334,THREAT,spyware,2561,2021/11/16 11:07:23,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:07:23,48656,1,58570,53,9367,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734916,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:07:23.829-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -20069,6 +20187,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48656",
+ "generated_time": "2021-11-16T11:07:23.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:37:23.829+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -20084,6 +20203,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:07:23.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -20191,7 +20311,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:07:18.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:07:18,007051000184334,THREAT,spyware,2561,2021/11/16 11:07:18,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:07:18,48655,1,59762,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734915,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:07:18.829-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -20254,6 +20373,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48655",
+ "generated_time": "2021-11-16T11:07:18.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:37:18.829+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -20264,6 +20384,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:07:18.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -20364,7 +20485,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:07:13.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:07:13,007051000184334,THREAT,spyware,2561,2021/11/16 11:07:13,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:07:13,48651,1,59762,53,26416,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734914,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:07:14.287-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -20431,6 +20551,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48651",
+ "generated_time": "2021-11-16T11:07:13.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:37:14.287+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -20446,6 +20567,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:07:13.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -20548,7 +20670,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:48.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:48,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:48,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:06:48,48636,1,58503,53,62409,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734908,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:48.825-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -20615,6 +20736,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48636",
+ "generated_time": "2021-11-16T11:06:48.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:48.825+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -20630,6 +20752,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:48.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -20737,7 +20860,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:43.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:43,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:43,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:06:43,48634,2,58503,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734906,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:43.825-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -20800,6 +20922,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48634",
+ "generated_time": "2021-11-16T11:06:43.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:43.825+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -20810,6 +20933,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:43.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -20915,7 +21039,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:38.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:38,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:38,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:06:38,48630,2,58477,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734903,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:38.824-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -20978,6 +21101,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48630",
+ "generated_time": "2021-11-16T11:06:38.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:38.824+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -20988,6 +21112,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:38.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -21088,7 +21213,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:33.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:33,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:33,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:06:33,48629,2,58477,53,39559,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734902,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:33.823-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -21155,6 +21279,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48629",
+ "generated_time": "2021-11-16T11:06:33.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:33.823+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -21170,6 +21295,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:33.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -21277,7 +21403,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:28.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:28,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:28,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:06:28,48627,1,57709,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734901,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:28.823-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -21340,6 +21465,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48627",
+ "generated_time": "2021-11-16T11:06:28.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:28.823+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -21350,6 +21476,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:28.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -21450,7 +21577,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:23.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:23,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:23,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:06:23,48626,1,57709,53,2447,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734899,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:23.822-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -21517,6 +21643,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48626",
+ "generated_time": "2021-11-16T11:06:23.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:23.822+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -21532,6 +21659,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:23.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -21639,7 +21767,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:13.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:13,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:13,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:06:13,48617,2,58762,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734898,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:13.823-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -21702,6 +21829,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48617",
+ "generated_time": "2021-11-16T11:06:13.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:13.823+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -21712,6 +21840,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:13.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -21812,7 +21941,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:13.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:13,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:13,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:06:13,48612,2,58762,53,3404,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734897,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:13.821-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -21879,6 +22007,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48612",
+ "generated_time": "2021-11-16T11:06:13.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:13.821+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -21894,6 +22023,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:13.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -22001,7 +22131,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:08.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:08,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:08,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 11:06:08,48608,1,58258,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734896,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:09.281-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -22064,6 +22193,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48608",
+ "generated_time": "2021-11-16T11:06:08.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:09.281+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -22074,6 +22204,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:08.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -22174,7 +22305,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T11:06:08.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 11:06:08,007051000184334,THREAT,spyware,2561,2021/11/16 11:06:08,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 11:06:08,48598,1,58258,53,36779,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104734893,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T11:06:09.279-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -22238,6 +22368,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "48598",
+ "generated_time": "2021-11-16T11:06:08.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:36:09.279+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -22253,6 +22384,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T11:06:08.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -22360,7 +22492,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:46:50.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:46:50,007051000184334,THREAT,spyware,2561,2021/11/16 10:46:50,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:46:50,32207,2,58714,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104719000,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:46:50.451-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -22423,6 +22554,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32207",
+ "generated_time": "2021-11-16T10:46:50.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:16:50.451+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -22433,6 +22565,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:46:50.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -22533,7 +22666,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:46:45.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:46:45,007051000184334,THREAT,spyware,2561,2021/11/16 10:46:45,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:46:45,32203,2,58714,53,44895,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718999,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:46:45.424-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -22600,6 +22732,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32203",
+ "generated_time": "2021-11-16T10:46:45.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:16:45.424+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -22615,6 +22748,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:46:45.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -22717,7 +22851,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:46:30.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:46:30,007051000184334,THREAT,spyware,2561,2021/11/16 10:46:30,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:46:30,32192,2,59157,53,43210,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718998,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:46:31.371-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -22784,6 +22917,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32192",
+ "generated_time": "2021-11-16T10:46:30.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:16:31.371+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -22799,6 +22933,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:46:30.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -22906,7 +23041,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:46:30.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:46:30,007051000184334,THREAT,spyware,2561,2021/11/16 10:46:30,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:46:30,32191,3,58392,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718997,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:46:31.370-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -22969,6 +23103,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32191",
+ "generated_time": "2021-11-16T10:46:30.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:16:31.370+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -22979,6 +23114,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:46:30.000+09:30",
 "repeat_count": 3,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -23084,7 +23220,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:46:20.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:46:20,007051000184334,THREAT,spyware,2561,2021/11/16 10:46:20,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:46:20,32187,1,58839,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718996,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:46:20.318-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -23147,6 +23282,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32187",
+ "generated_time": "2021-11-16T10:46:20.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:16:20.318+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -23157,6 +23293,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:46:20.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -23257,7 +23394,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:46:20.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:46:20,007051000184334,THREAT,spyware,2561,2021/11/16 10:46:20,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:46:20,32184,2,58839,53,49708,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718995,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:46:20.317-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -23324,6 +23460,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32184",
+ "generated_time": "2021-11-16T10:46:20.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:16:20.317+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -23339,6 +23476,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:46:20.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -23446,7 +23584,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:55.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:55,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:55,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:45:55,32175,1,57493,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718994,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:55.090-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -23509,6 +23646,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32175",
+ "generated_time": "2021-11-16T10:45:55.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:55.090+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -23519,6 +23657,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:55.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -23619,7 +23758,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:55.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:55,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:55,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:45:55,32174,1,57493,53,23766,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718993,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:55.089-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -23686,6 +23824,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32174",
+ "generated_time": "2021-11-16T10:45:55.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:55.089+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -23701,6 +23840,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:55.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -23803,7 +23943,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:45.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:45,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:45,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:45:45,32170,2,57937,53,33499,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718992,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:45.088-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -23870,6 +24009,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32170",
+ "generated_time": "2021-11-16T10:45:45.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:45.088+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -23885,6 +24025,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:45.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -23992,7 +24133,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:45.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:45,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:45,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:45:45,32169,2,57937,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718991,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:45.088-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -24055,6 +24195,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32169",
+ "generated_time": "2021-11-16T10:45:45.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:45.088+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -24065,6 +24206,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:45.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -24170,7 +24312,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:35.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:35,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:35,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:45:35,32165,2,58434,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718990,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:35.028-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -24233,6 +24374,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32165",
+ "generated_time": "2021-11-16T10:45:35.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:35.028+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -24243,6 +24385,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:35.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -24343,7 +24486,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:30.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:30,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:30,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:45:30,32164,2,58434,53,7540,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718989,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:30.028-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -24410,6 +24552,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32164",
+ "generated_time": "2021-11-16T10:45:30.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:30.028+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -24425,6 +24568,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:30.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -24532,7 +24676,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:25.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:25,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:25,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:45:25,32158,2,57951,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718988,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:25.027-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -24595,6 +24738,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32158",
+ "generated_time": "2021-11-16T10:45:25.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:25.027+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -24605,6 +24749,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:25.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -24710,7 +24855,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:20.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:20,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:20,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:45:20,32157,1,58516,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718987,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:20.048-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -24773,6 +24917,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32157",
+ "generated_time": "2021-11-16T10:45:20.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:20.048+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -24783,6 +24928,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:20.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -24883,7 +25029,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:20.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:20,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:20,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:45:20,32156,2,57951,53,26691,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718986,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:20.048-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -24950,6 +25095,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32156",
+ "generated_time": "2021-11-16T10:45:20.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:20.048+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -24965,6 +25111,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:20.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -25067,7 +25214,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:20.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:20,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:20,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:45:20,32155,1,58516,53,38731,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718985,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:20.047-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -25134,6 +25280,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32155",
+ "generated_time": "2021-11-16T10:45:20.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:20.047+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -25149,6 +25296,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:20.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -25256,7 +25404,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:15.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:15,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:15,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:45:15,32152,1,59591,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718984,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:15.022-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -25319,6 +25466,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32152",
+ "generated_time": "2021-11-16T10:45:15.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:15.022+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -25329,6 +25477,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:15.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -25434,7 +25583,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:15.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:15,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:15,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:45:15,32150,1,58733,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718983,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:15.021-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -25497,6 +25645,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32150",
+ "generated_time": "2021-11-16T10:45:15.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:15.021+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -25507,6 +25656,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:15.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -25607,7 +25757,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:15.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:15,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:15,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:45:15,32141,1,59591,53,59026,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718982,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:15.021-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -25671,6 +25820,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32141",
+ "generated_time": "2021-11-16T10:45:15.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:15.021+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -25686,6 +25836,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:15.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -25788,7 +25939,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:45:10.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:45:10,007051000184334,THREAT,spyware,2561,2021/11/16 10:45:10,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:45:10,32137,1,58733,53,24928,53,0x403000,udp,drop-packet,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718981,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:45:10.136-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -25852,6 +26002,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32137",
+ "generated_time": "2021-11-16T10:45:10.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:15:10.136+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -25867,6 +26018,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:45:10.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -25974,7 +26126,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:41:24.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:41:24,007051000184334,THREAT,spyware,2561,2021/11/16 10:41:24,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:41:24,32055,1,59535,53,0,0,0x3000,udp,drop,\"www.xiaz.xyz\",generic:www.xiaz.xyz(421497696),any,medium,client-to-server,7029847907104718980,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:41:24.982-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -26037,6 +26188,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32055",
+ "generated_time": "2021-11-16T10:41:24.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:11:24.982+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -26047,6 +26199,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:41:24.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -26147,7 +26300,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:41:19.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:41:19,007051000184334,THREAT,spyware,2561,2021/11/16 10:41:19,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:41:19,32053,1,59535,53,16245,53,0x403000,udp,drop,\"www.xiaz.xyz\",generic:www.xiaz.xyz(421497696),any,medium,client-to-server,7029847907104718979,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:41:19.983-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -26214,6 +26366,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32053",
+ "generated_time": "2021-11-16T10:41:19.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:11:19.983+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -26229,6 +26382,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:41:19.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -26336,7 +26490,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:41:19.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:41:19,007051000184334,THREAT,spyware,2561,2021/11/16 10:41:19,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:41:19,32052,1,57359,53,0,0,0x3000,udp,drop,\"www.xiaz.xyz\",generic:www.xiaz.xyz(421497696),any,medium,client-to-server,7029847907104718978,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:41:19.982-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -26399,6 +26552,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "32052",
+ "generated_time": "2021-11-16T10:41:19.000+09:30",
 "high_resolution_timestamp": "2021-11-17T04:11:19.982+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -26409,6 +26563,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:41:19.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -26509,7 +26664,6 @@ "threat", "network" ], - "created": "2021-11-16T10:41:14.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:41:14,007051000184334,THREAT,spyware,2561,2021/11/16 10:41:14,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:41:14,32045,1,57359,53,28021,53,0x403000,udp,drop-packet,\"www.xiaz.xyz\",generic:www.xiaz.xyz(421497696),any,medium,client-to-server,7029847907104718977,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:41:14.992-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -26573,6 +26727,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "32045", + "generated_time": "2021-11-16T10:41:14.000+09:30", "high_resolution_timestamp": "2021-11-17T04:11:14.992+09:30", "http2_connection": "0", "imsi": "0", @@ -26588,6 +26743,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:41:14.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -26690,7 +26846,6 @@ "threat", "network" ], - "created": "2021-11-16T10:28:44.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:28:44,007051000184334,THREAT,spyware,2561,2021/11/16 10:28:44,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:28:44,31811,1,58771,53,48581,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718976,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:28:44.802-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -26757,6 +26912,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31811", + "generated_time": "2021-11-16T10:28:44.000+09:30", "high_resolution_timestamp": "2021-11-17T03:58:44.802+09:30", "http2_connection": "0", "imsi": "0", @@ -26772,6 +26928,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:28:44.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -26879,7 +27036,6 @@ "threat", "network" ], - "created": "2021-11-16T10:28:39.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:28:39,007051000184334,THREAT,spyware,2561,2021/11/16 10:28:39,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:28:39,31804,1,58771,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718975,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:28:39.801-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -26942,6 +27098,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31804", + "generated_time": "2021-11-16T10:28:39.000+09:30", "high_resolution_timestamp": "2021-11-17T03:58:39.801+09:30", "http2_connection": "0", "imsi": "0", @@ -26952,6 +27109,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:28:39.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -27057,7 +27215,6 @@ "threat", "network" ], - "created": "2021-11-16T10:28:34.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:28:34,007051000184334,THREAT,spyware,2561,2021/11/16 10:28:34,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:28:34,31801,2,57508,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718974,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:28:34.801-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -27120,6 +27277,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31801", + "generated_time": "2021-11-16T10:28:34.000+09:30", "high_resolution_timestamp": "2021-11-17T03:58:34.801+09:30", "http2_connection": "0", "imsi": "0", @@ -27130,6 +27288,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:28:34.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -27230,7 +27389,6 @@ "threat", "network" ], - "created": "2021-11-16T10:28:29.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:28:29,007051000184334,THREAT,spyware,2561,2021/11/16 10:28:29,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:28:29,31800,2,57508,53,43363,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718973,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:28:29.800-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -27297,6 +27455,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31800", + "generated_time": "2021-11-16T10:28:29.000+09:30", "high_resolution_timestamp": "2021-11-17T03:58:29.800+09:30", "http2_connection": "0", "imsi": "0", @@ -27312,6 +27471,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:28:29.000+09:30", "repeat_count": 2, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -27419,7 +27579,6 @@ "threat", "network" ], - "created": "2021-11-16T10:28:24.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:28:24,007051000184334,THREAT,spyware,2561,2021/11/16 10:28:24,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:28:24,31799,1,59397,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718972,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:28:25.768-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -27482,6 +27641,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31799", + "generated_time": "2021-11-16T10:28:24.000+09:30", "high_resolution_timestamp": "2021-11-17T03:58:25.768+09:30", "http2_connection": "0", "imsi": "0", @@ -27492,6 +27652,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:28:24.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -27592,7 +27753,6 @@ "threat", "network" ], - "created": "2021-11-16T10:28:24.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:28:24,007051000184334,THREAT,spyware,2561,2021/11/16 10:28:24,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:28:24,31798,1,59397,53,34018,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718971,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:28:25.767-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -27659,6 +27819,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31798", + "generated_time": "2021-11-16T10:28:24.000+09:30", "high_resolution_timestamp": "2021-11-17T03:58:25.767+09:30", "http2_connection": "0", "imsi": "0", @@ -27674,6 +27835,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:28:24.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -27781,7 +27943,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:49.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:49,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:49,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:27:49,31787,1,59777,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718970,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:49.795-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -27844,6 +28005,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31787", + "generated_time": "2021-11-16T10:27:49.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:49.795+09:30", "http2_connection": "0", "imsi": "0", @@ -27854,6 +28016,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:49.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -27954,7 +28117,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:44.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:44,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:44,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:27:44,31781,2,59148,53,41708,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718969,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:45.763-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -28021,6 +28183,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31781", + "generated_time": "2021-11-16T10:27:44.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:45.763+09:30", "http2_connection": "0", "imsi": "0", @@ -28036,6 +28199,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:44.000+09:30", "repeat_count": 2, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -28143,7 +28307,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:44.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:44,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:44,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:27:44,31779,1,59148,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718968,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:45.762-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -28206,6 +28369,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31779", + "generated_time": "2021-11-16T10:27:44.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:45.762+09:30", "http2_connection": "0", "imsi": "0", @@ -28216,6 +28380,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:44.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -28316,7 +28481,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:34.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:34,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:34,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:27:34,31777,1,58514,53,34803,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718967,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:34.757-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -28383,6 +28547,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31777", + "generated_time": "2021-11-16T10:27:34.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:34.757+09:30", "http2_connection": "0", "imsi": "0", @@ -28398,6 +28563,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:34.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -28505,7 +28671,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:29.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:29,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:29,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:27:29,31775,2,58993,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718966,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:29.758-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -28568,6 +28733,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31775", + "generated_time": "2021-11-16T10:27:29.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:29.758+09:30", "http2_connection": "0", "imsi": "0", @@ -28578,6 +28744,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:29.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -28678,7 +28845,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:24.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:24,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:24,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:27:24,31774,1,58993,53,14335,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718965,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:24.756-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -28745,6 +28911,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31774", + "generated_time": "2021-11-16T10:27:24.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:24.756+09:30", "http2_connection": "0", "imsi": "0", @@ -28760,6 +28927,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:24.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -28867,7 +29035,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:19.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:19,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:19,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:27:19,31770,2,59215,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718964,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:19.756-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -28930,6 +29097,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31770", + "generated_time": "2021-11-16T10:27:19.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:19.756+09:30", "http2_connection": "0", "imsi": "0", @@ -28940,6 +29108,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:19.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -29040,7 +29209,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:14.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:14,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:14,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:27:14,31766,2,59215,53,58034,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718963,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:14.755-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -29107,6 +29275,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31766", + "generated_time": "2021-11-16T10:27:14.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:14.755+09:30", "http2_connection": "0", "imsi": "0", @@ -29122,6 +29291,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:14.000+09:30", "repeat_count": 2, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -29224,7 +29394,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:04.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:04,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:04,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:27:04,31762,1,57615,53,65092,53,0x403000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718962,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:04.776-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -29291,6 +29460,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31762", + "generated_time": "2021-11-16T10:27:04.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:04.776+09:30", "http2_connection": "0", "imsi": "0", @@ -29306,6 +29476,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:04.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -29413,7 +29584,6 @@ "threat", "network" ], - "created": "2021-11-16T10:27:04.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:27:04,007051000184334,THREAT,spyware,2561,2021/11/16 10:27:04,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:27:04,31761,2,58004,53,0,0,0x3000,udp,drop,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718961,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:27:04.776-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -29476,6 +29646,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31761", + "generated_time": "2021-11-16T10:27:04.000+09:30", "high_resolution_timestamp": "2021-11-17T03:57:04.776+09:30", "http2_connection": "0", "imsi": "0", @@ -29486,6 +29657,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:27:04.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -29586,7 +29758,6 @@ "threat", "network" ], - "created": "2021-11-16T10:26:59.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:26:59,007051000184334,THREAT,spyware,2561,2021/11/16 10:26:59,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:26:59,31760,1,58004,53,50075,53,0x403000,udp,drop-packet,\"sabaint.me\",generic:sabaint.me(418218978),any,medium,client-to-server,7029847907104718960,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:26:59.749-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -29650,6 +29821,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31760", + "generated_time": "2021-11-16T10:26:59.000+09:30", "high_resolution_timestamp": "2021-11-17T03:56:59.749+09:30", "http2_connection": "0", "imsi": "0", @@ -29665,6 +29837,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:26:59.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -29772,7 +29945,6 @@ "threat", "network" ], - "created": "2021-11-16T10:12:09.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:12:09,007051000184334,THREAT,spyware,2561,2021/11/16 10:12:09,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:12:09,31425,2,58480,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718955,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:12:09.249-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -29835,6 +30007,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31425", + "generated_time": "2021-11-16T10:12:09.000+09:30", "high_resolution_timestamp": "2021-11-17T03:42:09.249+09:30", "http2_connection": "0", "imsi": "0", @@ -29845,6 +30018,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:12:09.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -29945,7 +30119,6 @@ "threat", "network" ], - "created": "2021-11-16T10:12:04.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:12:04,007051000184334,THREAT,spyware,2561,2021/11/16 10:12:04,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:12:04,31424,2,58480,53,28628,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718954,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:12:04.291-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -30012,6 +30185,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31424", + "generated_time": "2021-11-16T10:12:04.000+09:30", "high_resolution_timestamp": "2021-11-17T03:42:04.291+09:30", "http2_connection": "0", "imsi": "0", @@ -30027,6 +30201,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:12:04.000+09:30", "repeat_count": 2, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -30129,7 +30304,6 @@ "threat", "network" ], - "created": "2021-11-16T10:11:34.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:11:34,007051000184334,THREAT,spyware,2561,2021/11/16 10:11:34,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:11:34,31415,1,59487,53,17390,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718953,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:11:34.244-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -30196,6 +30370,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31415", + "generated_time": "2021-11-16T10:11:34.000+09:30", "high_resolution_timestamp": "2021-11-17T03:41:34.244+09:30", "http2_connection": "0", "imsi": "0", @@ -30211,6 +30386,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:11:34.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -30318,7 +30494,6 @@ "threat", "network" ], - "created": "2021-11-16T10:11:29.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:11:29,007051000184334,THREAT,spyware,2561,2021/11/16 10:11:29,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:11:29,31412,2,58329,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718952,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:11:29.243-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -30381,6 +30556,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31412", + "generated_time": "2021-11-16T10:11:29.000+09:30", "high_resolution_timestamp": "2021-11-17T03:41:29.243+09:30", "http2_connection": "0", "imsi": "0", @@ -30391,6 +30567,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:11:29.000+09:30", "repeat_count": 2, "ruleset": "intrazone-default", "sctp": { 
@@ -30491,7 +30668,6 @@ "threat", "network" ], - "created": "2021-11-16T10:11:24.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:11:24,007051000184334,THREAT,spyware,2561,2021/11/16 10:11:24,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:11:24,31411,1,58329,53,39886,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718951,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:11:24.243-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -30558,6 +30734,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31411", + "generated_time": "2021-11-16T10:11:24.000+09:30", "high_resolution_timestamp": "2021-11-17T03:41:24.243+09:30", "http2_connection": "0", "imsi": "0", @@ -30573,6 +30750,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:11:24.000+09:30", "repeat_count": 1, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -30680,7 +30858,6 @@ "threat", "network" ], - "created": "2021-11-16T10:11:14.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:11:14,007051000184334,THREAT,spyware,2561,2021/11/16 10:11:14,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:11:14,31409,1,57978,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718950,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:11:14.242-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -30743,6 +30920,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31409", + "generated_time": "2021-11-16T10:11:14.000+09:30", "high_resolution_timestamp": "2021-11-17T03:41:14.242+09:30", "http2_connection": "0", "imsi": "0", @@ -30753,6 +30931,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:11:14.000+09:30", "repeat_count": 1, "ruleset": "intrazone-default", "sctp": { 
@@ -30853,7 +31032,6 @@ "threat", "network" ], - "created": "2021-11-16T10:11:09.000+09:30", "kind": "alert", "original": "1,2021/11/16 10:11:09,007051000184334,THREAT,spyware,2561,2021/11/16 10:11:09,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:11:09,31402,3,59191,53,1563,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718949,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:11:09.241-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no", "outcome": "failure", @@ -30920,6 +31098,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "31402", + "generated_time": "2021-11-16T10:11:09.000+09:30", "high_resolution_timestamp": "2021-11-17T03:41:09.241+09:30", "http2_connection": "0", "imsi": "0", @@ -30935,6 +31114,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2021-11-16T10:11:09.000+09:30", "repeat_count": 3, "ruleset": "LAn-TO-WAn", "sctp": { 
@@ -31042,7 +31222,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:11:04.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:11:04,007051000184334,THREAT,spyware,2561,2021/11/16 10:11:04,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:11:04,31401,2,59191,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718948,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:11:04.241-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -31105,6 +31284,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "31401",
+ "generated_time": "2021-11-16T10:11:04.000+09:30",
 "high_resolution_timestamp": "2021-11-17T03:41:04.241+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -31115,6 +31295,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:11:04.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -31220,7 +31401,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:10:54.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:10:54,007051000184334,THREAT,spyware,2561,2021/11/16 10:10:54,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:10:54,31397,2,59725,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718947,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:10:54.240-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -31283,6 +31463,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "31397",
+ "generated_time": "2021-11-16T10:10:54.000+09:30",
 "high_resolution_timestamp": "2021-11-17T03:40:54.240+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -31293,6 +31474,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:10:54.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -31393,7 +31575,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:10:54.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:10:54,007051000184334,THREAT,spyware,2561,2021/11/16 10:10:54,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:10:54,31390,2,59725,53,30685,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718946,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:10:54.239-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -31460,6 +31641,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "31390",
+ "generated_time": "2021-11-16T10:10:54.000+09:30",
 "high_resolution_timestamp": "2021-11-17T03:40:54.239+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -31475,6 +31657,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:10:54.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -31582,7 +31765,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:10:44.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:10:44,007051000184334,THREAT,spyware,2561,2021/11/16 10:10:44,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:10:44,31381,2,57339,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718945,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:10:44.233-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -31645,6 +31827,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "31381",
+ "generated_time": "2021-11-16T10:10:44.000+09:30",
 "high_resolution_timestamp": "2021-11-17T03:40:44.233+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -31655,6 +31838,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:10:44.000+09:30",
 "repeat_count": 2,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -31755,7 +31939,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:10:39.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:10:39,007051000184334,THREAT,spyware,2561,2021/11/16 10:10:39,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:10:39,31380,2,57339,53,64069,53,0x403000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718944,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:10:39.233-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -31822,6 +32005,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "31380",
+ "generated_time": "2021-11-16T10:10:39.000+09:30",
 "high_resolution_timestamp": "2021-11-17T03:40:39.233+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -31837,6 +32021,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:10:39.000+09:30",
 "repeat_count": 2,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -31944,7 +32129,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:10:39.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:10:39,007051000184334,THREAT,spyware,2561,2021/11/16 10:10:39,89.160.20.156,89.160.20.112,,,intrazone-default,,,dns,vsys1,LAN,LAN,ethernet1/2,ethernet1/2,LFPpan,2021/11/16 10:10:39,31379,1,58903,53,0,0,0x3000,udp,drop,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718943,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,731c6b1a-9a62-4a92-a49c-0876025f9436,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:10:39.233-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -32007,6 +32191,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "31379",
+ "generated_time": "2021-11-16T10:10:39.000+09:30",
 "high_resolution_timestamp": "2021-11-17T03:40:39.233+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -32017,6 +32202,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:10:39.000+09:30",
 "repeat_count": 1,
 "ruleset": "intrazone-default",
 "sctp": {
@@ -32117,7 +32303,6 @@
 "threat",
 "network"
 ],
- "created": "2021-11-16T10:10:34.000+09:30",
 "kind": "alert",
 "original": "1,2021/11/16 10:10:34,007051000184334,THREAT,spyware,2561,2021/11/16 10:10:34,89.160.20.156,67.43.156.13,81.2.69.193,67.43.156.13,LAn-TO-WAn,,,dns,vsys1,LAN,WAN,ethernet1/2,ethernet1/1,LFPpan,2021/11/16 10:10:34,31373,1,58903,53,26180,53,0x403000,udp,drop-packet,\"www.virussign.com\",generic:www.virussign.com(327891564),any,medium,client-to-server,7029847907104718942,0x0,United States,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,dns-malware,AppThreat-0-0,0x0,0,4294967295,,,5aa3aaa9-610a-433a-8aaa-729378021aaa,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2021-11-16T10:10:35.294-08:00,,,,infrastructure,networking,network-protocol,3,\"used-by-malware,has-known-vulnerability,pervasive-use\",,dns,no,no",
 "outcome": "failure",
@@ -32181,6 +32366,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "31373",
+ "generated_time": "2021-11-16T10:10:34.000+09:30",
 "high_resolution_timestamp": "2021-11-17T03:40:35.294+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -32196,6 +32382,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2021-11-16T10:10:34.000+09:30",
 "repeat_count": 1,
 "ruleset": "LAn-TO-WAn",
 "sctp": {
@@ -32289,7 +32476,6 @@
 "threat",
 "network"
 ],
- "created": "2023-10-04T09:40:58.000+09:30",
 "kind": "alert",
 "original": "1,2023/10/04 09:40:58,007058000248010,THREAT,url,2816,2023/10/04 09:40:58,10.1.0.12,192.168.15.224,10.138.0.44,192.168.15.224,reset-adult,,,ssl,vsys1,private,public,ethernet1/2,ethernet1/1,,2023/10/04 09:40:58,763,1,50462,443,15048,443,0x407400,tcp,block-url,\"adult.com/\",(9999),adult,informational,client-to-server,7286123782408765451,0x0,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,,PA-VM,,,,,0,,0,,N/A,N/A,AppThreat-0-0,0x0,0,4294967295,,\"adult,low-risk\",73a06abf-75ca-436f-9319-1a15b27fa692,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2023-10-04T09:40:58.388-07:00,,,,encrypted-tunnel,networking,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,ssl,no,no,,,NonProxyTraffic",
 "outcome": "failure",
@@ -32357,6 +32543,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "763",
+ "generated_time": "2023-10-04T09:40:58.000+09:30",
 "high_resolution_timestamp": "2023-10-05T02:10:58.388+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -32371,6 +32558,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2023-10-04T09:40:58.000+09:30",
 "repeat_count": 1,
 "ruleset": "reset-adult",
 "sctp": {
@@ -32457,7 +32645,6 @@
 "threat",
 "network"
 ],
- "created": "2023-10-04T09:40:43.000+09:30",
 "kind": "alert",
 "original": "1,2023/10/04 09:40:43,007058000248010,THREAT,url,2816,2023/10/04 09:40:43,10.1.0.12,192.168.15.224,10.138.0.44,192.168.15.224,block-sports,,,web-browsing,vsys1,private,public,ethernet1/2,ethernet1/1,elastic,2023/10/04 09:40:43,730,1,54344,80,1618,80,0x407000,tcp,block-url,\"www.espn.com/\",(9999),sports,informational,client-to-server,7286123782408765449,0x0,10.0.0.0-10.255.255.255,United States,,,0,,,1,,,,,,,,0,0,0,0,0,,PA-VM,,,,get,0,,0,,N/A,N/A,AppThreat-0-0,0x0,0,4294967295,,\"sports,low-risk\",eb5b9cd9-716b-4729-a5de-9033f4c5aa4f,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2023-10-04T09:40:43.387-07:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,web-browsing,no,no,,,NonProxyTraffic",
 "outcome": "failure",
@@ -32529,6 +32716,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "730",
+ "generated_time": "2023-10-04T09:40:43.000+09:30",
 "high_resolution_timestamp": "2023-10-05T02:10:43.387+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -32544,6 +32732,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2023-10-04T09:40:43.000+09:30",
 "repeat_count": 1,
 "ruleset": "block-sports",
 "sctp": {
@@ -32644,7 +32833,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src-domainname\\src_username,dst-domainname\\dst_username,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -32701,6 +32889,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -32713,6 +32902,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -32820,7 +33010,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,nt-autorit..t\\src_username,nt-autorit..t\\dst_username,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -32877,6 +33066,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -32889,6 +33079,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -32996,7 +33187,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,.\\src_username,.\\dst_username,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -33053,6 +33243,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -33065,6 +33256,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -33172,7 +33364,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src-domainname\\\\src_username,dst-domainname\\\\dst_username,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -33229,6 +33420,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -33241,6 +33433,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -33348,7 +33541,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src_username@src-domainname,dst_username@dst-domainname,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -33405,6 +33597,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -33417,6 +33610,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -33523,7 +33717,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src_username,dst_username,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -33580,6 +33773,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -33592,6 +33786,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -33693,7 +33888,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,x-fwd-for: 10.10.10.50,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -33750,6 +33944,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -33762,6 +33957,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -33866,7 +34062,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src_domainname\\\\src-user#name,dst_domainname\\\\dst-user#name,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -33923,6 +34118,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -33935,6 +34131,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -34042,7 +34239,6 @@
 "threat",
 "network"
 ],
- "created": "2018-11-30T16:44:36.000+09:30",
 "kind": "alert",
 "original": "Nov 30 16:44:36 PA-220 1,2018/11/30 16:44:36,012801096514,THREAT,url,2049,2018/11/30 16:44:36,192.168.15.224,175.16.199.1,192.168.1.63,175.16.199.1,new_outbound_from_trust,src_domain..name\\\\src-user#name,dst_domain..name\\\\dst-user#name,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,send_to_mac,2018/11/30 16:44:36,28191,1,52984,443,37679,443,0x403000,tcp,block-url,\"consent.cmp.oath.com/\",(9999),business-and-economy,informational,client-to-server,7726,0x2000000000000000,192.168.0.0-192.168.255.255,United States,0,,0,,,0,,,,,,,,0,0,0,0,0,,PA-220,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,",
 "outcome": "failure",
@@ -34099,6 +34295,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "28191",
+ "generated_time": "2018-11-30T16:44:36.000+09:30",
 "imsi": "0",
 "log_profile": "send_to_mac",
 "logged_time": "2018-11-30T16:44:36.000+09:30",
@@ -34111,6 +34308,7 @@
 "id": "0"
 },
 "payload_protocol_id": "4294967295",
+ "received_time": "2018-11-30T16:44:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "new_outbound_from_trust",
 "sctp": {
@@ -34204,7 +34402,6 @@
 "threat",
 "network"
 ],
- "created": "2024-04-09T16:57:36.000+09:30",
 "kind": "alert",
 "original": "Apr 9 16:57:37 PA5250 1,2024/04/09 16:57:36,123456789012,THREAT,url,2561,2024/04/09 16:57:36,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_L7D_Kassasystemen-2-Internet,,,ssl,vsys1,IOT,Internet,ae1.1324,ae2.497,Panorama-Elastic,2024/04/09 16:57:36,33874993,1,54421,443,29394,443,0x403400,tcp,block-url,\"keyvalueservice.icloud.com\",(9999),online-storage-and-backup,informational,client-to-server,7341108846123879261,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\" CUC_Apple,online-storage-and-backup,low-risk\",608460e0-3b24-4bef-a676-96027545ae7d,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T16:57:37.089+02:00,,,,encrypted-tunnel,networking,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,ssl,no,no,_reportid",
 "outcome": "failure",
@@ -34275,6 +34472,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "33874993",
+ "generated_time": "2024-04-09T16:57:36.000+09:30",
 "high_resolution_timestamp": "2024-04-10T00:27:37.089+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -34290,6 +34488,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2024-04-09T16:57:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "A_SRC_L7D_Kassasystemen-2-Internet",
 "sctp": {
@@ -34377,7 +34576,6 @@
 "threat",
 "network"
 ],
- "created": "2024-04-09T16:57:36.000+09:30",
 "kind": "alert",
 "original": "Apr 9 16:57:37 PA5250 1,2024/04/09 16:57:36,123456789012,THREAT,url,2561,2024/04/09 16:57:36,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_L7D_Kassasystemen-2-Internet,,,ssl,vsys1,IOT,Internet,ae1.1324,ae2.497,Panorama-Elastic,2024/04/09 16:57:36,33874993,1,54421,443,29394,443,0x403400,tcp,block-url,\"keyvalueservice.icloud.com?q=30\",(9999),online-storage-and-backup,informational,client-to-server,7341108846123879261,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\" CUC_Apple,online-storage-and-backup,low-risk\",608460e0-3b24-4bef-a676-96027545ae7d,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T16:57:37.089+02:00,,,,encrypted-tunnel,networking,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,ssl,no,no,_reportid",
 "outcome": "failure",
@@ -34448,6 +34646,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "33874993",
+ "generated_time": "2024-04-09T16:57:36.000+09:30",
 "high_resolution_timestamp": "2024-04-10T00:27:37.089+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -34463,6 +34662,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2024-04-09T16:57:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "A_SRC_L7D_Kassasystemen-2-Internet",
 "sctp": {
@@ -34550,7 +34750,6 @@
 "threat",
 "network"
 ],
- "created": "2024-04-09T16:57:36.000+09:30",
 "kind": "alert",
 "original": "Apr 9 16:57:37 PA5250 1,2024/04/09 16:57:36,123456789012,THREAT,url,2561,2024/04/09 16:57:36,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_L7D_Kassasystemen-2-Internet,,,ssl,vsys1,IOT,Internet,ae1.1324,ae2.497,Panorama-Elastic,2024/04/09 16:57:36,33874993,1,54421,443,29394,443,0x403400,tcp,block-url,\"keyvalueservice.icloud.com:443?q=30\",(9999),online-storage-and-backup,informational,client-to-server,7341108846123879261,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\" CUC_Apple,online-storage-and-backup,low-risk\",608460e0-3b24-4bef-a676-96027545ae7d,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T16:57:37.089+02:00,,,,encrypted-tunnel,networking,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,ssl,no,no,_reportid",
 "outcome": "failure",
@@ -34621,6 +34820,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "33874993",
+ "generated_time": "2024-04-09T16:57:36.000+09:30",
 "high_resolution_timestamp": "2024-04-10T00:27:37.089+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -34636,6 +34836,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2024-04-09T16:57:36.000+09:30",
 "repeat_count": 1,
 "ruleset": "A_SRC_L7D_Kassasystemen-2-Internet",
 "sctp": {
@@ -34725,7 +34926,6 @@
 "threat",
 "network"
 ],
- "created": "2024-04-09T11:00:29.000+09:30",
 "kind": "alert",
 "original": "Apr 9 16:57:37 PA5250 1,2024/04/09 11:00:29,123456789012,THREAT,url,2561,2024/04/09 11:00:29,10.154.247.224,192.168.4.4,192.168.72.187,192.168.4.4,A_ANY_L7A_surf-Good internet appl PUBNET-Open Internet,,,ssl,vsys1,Open Internet,Internet-PUBNET,ae1.898,ethernet1/16.451,Panorama-Elastic,2024/04/09 11:00:29,2552174,1,57241,443,6226,443,0x403400,tcp,block-url,\"dns.google\",(9999),encrypted-dns,informational,client-to-server,7341108846081879882,0x8000000000000000,10.0.0.0-10.255.255.255,United States,,,0,,,0,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\"encrypted-dns,computer-and-internet-info,low-risk\",f27e631a-d0b9-4d01-bdfa-e955076d9a21,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T11:00:29.812+02:00,,,,encrypted-tunnel,networking,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,ssl,no,no,_reportid",
 "outcome": "failure",
@@ -34796,6 +34996,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "2552174",
+ "generated_time": "2024-04-09T11:00:29.000+09:30",
 "high_resolution_timestamp": "2024-04-09T18:30:29.812+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -34811,6 +35012,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2024-04-09T11:00:29.000+09:30",
 "repeat_count": 1,
 "ruleset": "A_ANY_L7A_surf-Good internet appl PUBNET-Open Internet",
 "sctp": {
@@ -34894,7 +35096,6 @@
 "threat",
 "network"
 ],
- "created": "2024-04-09T20:43:29.000+09:30",
 "kind": "alert",
 "original": "Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,url,2561,2024/04/09 20:43:29,192.168.72.187,192.168.110.104,0.0.0.0,0.0.0.0,A_SRC_ANY_DMZ-Public-to-Internet,,,google-base,vsys1,Internet,Internet,ethernet1/15.451,ae2.497,Panorama-Elastic,2024/04/09 20:43:29,3853754,1,12235,80,0,0,0xb000,tcp,alert,\"www.google.com/\",(9999),search-engines,informational,client-to-server,7341108846134004297,0x8000000000000000,Belgium,United States,,text/html,0,,,1,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,get,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\" CUC_OCP4_worker-nodes,search-engines,low-risk\",a76c7b1d-5e84-48f5-9498-a9d10ffc959c,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:30.719+02:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,google-base,no,no,_reportid",
 "outcome": "success",
@@ -34966,6 +35167,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "3853754",
+ "generated_time": "2024-04-09T20:43:29.000+09:30",
 "high_resolution_timestamp": "2024-04-10T04:13:30.719+09:30",
 "http2_connection": "0",
 "http_content_type": "text/html",
@@ -34977,6 +35179,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2024-04-09T20:43:29.000+09:30",
 "repeat_count": 1,
 "ruleset": "A_SRC_ANY_DMZ-Public-to-Internet",
 "sctp": {
@@ -35055,7 +35258,6 @@
 "threat",
 "network"
 ],
- "created": "2024-04-09T20:43:29.000+09:30",
 "kind": "alert",
 "original": "Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,url,2561,2024/04/09 20:43:29,192.168.72.187,192.168.110.104,0.0.0.0,0.0.0.0,A_SRC_ANY_DMZ-Public-to-Internet,,,google-base,vsys1,Internet,Internet,ethernet1/15.451,ae2.497,Panorama-Elastic,2024/04/09 20:43:29,3853754,1,12235,80,0,0,0xb000,tcp,alert,\"www.google.com:80/\",(9999),search-engines,informational,client-to-server,7341108846134004297,0x8000000000000000,Belgium,United States,,text/html,0,,,1,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,get,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\" CUC_OCP4_worker-nodes,search-engines,low-risk\",a76c7b1d-5e84-48f5-9498-a9d10ffc959c,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:30.719+02:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,google-base,no,no,_reportid",
 "outcome": "success",
@@ -35127,6 +35329,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "3853754",
+ "generated_time": "2024-04-09T20:43:29.000+09:30",
 "high_resolution_timestamp": "2024-04-10T04:13:30.719+09:30",
 "http2_connection": "0",
 "http_content_type": "text/html",
@@ -35138,6 +35341,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2024-04-09T20:43:29.000+09:30",
 "repeat_count": 1,
 "ruleset": "A_SRC_ANY_DMZ-Public-to-Internet",
 "sctp": {
@@ -35222,7 +35426,6 @@
 "threat",
 "network"
 ],
- "created": "2024-04-09T20:43:29.000+09:30",
 "kind": "alert",
 "original": "Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,virus,2561,2024/04/09 20:43:29,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_ANY_DMZ-Public-to-Internet,src_username@src-domainname,,web-browsing,vsys1,Inside,Outside,ae1.1324,ae2.497,default,2024/04/09 20:43:29,2398805,2,50833,443,14918,443,0x1402000,tcp,reset-server,\"download-cdn.jetbrains.com/resharper/dotUltimate.2023.3.4/Packages/JetBrains.ReSharper.Plugins.ReSharperTutorials.233.0.20240306.121739.nupkg\",Virus/Linux.example(419149938),computer-and-internet-info,medium,server-to-client,7332568507791862502,0x8000000000000000,United States,United States,,,0,,,1,,,,,,,,0,16,14,0,0,,AC-PA5250,,,,,0,,0,,N/A,script-av,Antivirus-4767-5285,0x0,0,4294967295,,,a76c7b1d-5e84-48f5-9498-a9d10ffc959c,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:29.123+01:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,web-browsing,no,no,",
 "outcome": "failure",
@@ -35290,6 +35493,7 @@
 "device_group_hierarchy3": "0",
 "device_group_hierarchy4": "0",
 "flow_id": "2398805",
+ "generated_time": "2024-04-09T20:43:29.000+09:30",
 "high_resolution_timestamp": "2024-04-10T05:13:29.123+09:30",
 "http2_connection": "0",
 "imsi": "0",
@@ -35305,6 +35509,7 @@
 },
 "partial_hash": "0",
 "payload_protocol_id": "4294967295",
+ "received_time": "2024-04-09T20:43:29.000+09:30",
 "repeat_count": 2,
 "ruleset": "A_SRC_ANY_DMZ-Public-to-Internet",
 "sctp": {
@@ -35398,7 +35603,6 @@ "threat", "network" ], - "created": "2024-04-09T20:43:29.000+09:30", "kind": "alert", "original": "Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,virus,2561,2024/04/09 20:43:29,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_ANY_DMZ-Public-to-Internet,src_username@src-domainname,,web-browsing,vsys1,Inside,Outside,ae1.1324,ae2.497,default,2024/04/09 20:43:29,234719,1,54576,443,50192,443,0x1402000,tcp,reset-both,\"commons-digester3-3.2.jar\",Virus/Linux.example(419149938),computer-and-internet-info,medium,server-to-client,7364505737280619655,0x8000000000000000,United States,United States,,,0,,,1,,,,,,,,0,16,14,0,0,,AC-PA5250,,,,,0,,0,2024/04/09 20:43:29,N/A,script-av,Antivirus-4809-5327,0x0,0,4294967295,,,a76c7b1d-5e84-48f5-9498-a9d10ffc959c,894567,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:29+02:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,web-browsing,no,no,", "outcome": "failure", @@ -35472,6 +35676,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "234719", + "generated_time": "2024-04-09T20:43:29.000+09:30", "high_resolution_timestamp": "2024-04-10T04:13:29.000+09:30", "http2_connection": "894567", "imsi": "0", @@ -35488,6 +35693,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2024-04-09T20:43:29.000+09:30", "repeat_count": 1, "ruleset": "A_SRC_ANY_DMZ-Public-to-Internet", "sctp": { 
@@ -35574,7 +35780,6 @@ "threat", "network" ], - "created": "2024-04-09T20:43:29.000+09:30", "kind": "alert", "original": "Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,url,2561,2024/04/09 20:43:29,192.168.72.187,192.168.110.104,0.0.0.0,0.0.0.0,A_SRC_ANY_DMZ-Public-to-Internet,,,google-base,vsys1,Internet,Internet,ethernet1/15.451,ae2.497,Panorama-Elastic,2024/04/09 20:43:29,3853754,1,12235,80,0,0,0xb000,tcp,alert,\"www.google.com:80/\",(9999),search-engines,Informational,client-to-server,7341108846134004297,0x8000000000000000,Belgium,United States,,text/html,0,,,1,,,,,,,,0,0,0,0,0,Core,AC-PA5250,,,,get,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,,\" CUC_OCP4_worker-nodes,search-engines,low-risk\",a76c7b1d-5e84-48f5-9498-a9d10ffc959c,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:30.719+02:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,google-base,no,no,_reportid", "outcome": "success", @@ -35646,6 +35851,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "3853754", + "generated_time": "2024-04-09T20:43:29.000+09:30", "high_resolution_timestamp": "2024-04-10T04:13:30.719+09:30", "http2_connection": "0", "http_content_type": "text/html", @@ -35657,6 +35863,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2024-04-09T20:43:29.000+09:30", "repeat_count": 1, "ruleset": "A_SRC_ANY_DMZ-Public-to-Internet", "sctp": { 
@@ -35740,7 +35947,6 @@ "threat", "network" ], - "created": "2024-04-09T20:43:29.000+09:30", "kind": "alert", "original": "Apr 9 20:43:30 AC-PA5250 1,2024/04/09 20:43:29,123456789012,THREAT,virus,2561,2024/04/09 20:43:29,10.84.12.242,192.168.236.67,192.168.26.150,192.168.236.67,A_SRC_ANY_DMZ-Public-to-Internet,src_username@src-domainname,,web-browsing,vsys1,Inside,Outside,ae1.1324,ae2.497,default,2024/04/09 20:43:29,234719,1,54576,443,50192,443,0x1402000,tcp,reset-both,\"commons-digester3-3.2.jar\",Virus/Linux.example(419149938),computer-and-internet-info,Medium,server-to-client,7364505737280619655,0x8000000000000000,United States,United States,,,0,,,1,,,,,,,,0,16,14,0,0,,AC-PA5250,,,,,0,,0,2024/04/09 20:43:29,N/A,script-av,Antivirus-4809-5327,0x0,0,4294967295,,,a76c7b1d-5e84-48f5-9498-a9d10ffc959c,894567,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,2024-04-09T20:43:29+02:00,,,,internet-utility,general-internet,browser-based,4,\"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use\",,web-browsing,no,no,", "outcome": "failure", @@ -35814,6 +36020,7 @@ "device_group_hierarchy3": "0", "device_group_hierarchy4": "0", "flow_id": "234719", + "generated_time": "2024-04-09T20:43:29.000+09:30", "high_resolution_timestamp": "2024-04-10T04:13:29.000+09:30", "http2_connection": "894567", "imsi": "0", @@ -35830,6 +36037,7 @@ }, "partial_hash": "0", "payload_protocol_id": "4294967295", + "received_time": "2024-04-09T20:43:29.000+09:30", "repeat_count": 1, "ruleset": "A_SRC_ANY_DMZ-Public-to-Internet", "sctp": { diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-time-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-time-sample.log-expected.json index f311da77478..174eb066e27 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-time-sample.log-expected.json 
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-time-sample.log-expected.json @@ -36,7 +36,6 @@ "category": [ "network" ], - "created": "2021-11-23T00:44:44.000-08:00", "duration": 1234567890000000000, "end": "2061-01-06T00:16:14.930-08:00", "kind": "event", @@ -112,6 +111,7 @@ }, "endreason": "end", "flow_id": "id", + "generated_time": "2021-11-23T00:44:44.000-08:00", "high_resolution_timestamp": "2021-11-23T00:44:44.930-08:00", "imei": "imei", "imsi": "imsi", @@ -132,6 +132,7 @@ "pdu_session": { "id": "100" }, + "received_time": "2021-11-23T00:44:44.000-08:00", "remote_user": { "id": "100", "ip": "81.2.69.192" @@ -231,7 +232,6 @@ "category": [ "network" ], - "created": "2021-11-23T00:44:44.000-08:00", "duration": 1234567890000000000, "end": "2061-01-06T00:16:14.930-08:00", "kind": "event", @@ -307,6 +307,7 @@ }, "endreason": "end", "flow_id": "id", + "generated_time": "2021-11-23T00:44:44.000-08:00", "imei": "imei", "imsi": "imsi", "log_profile": "log", @@ -326,6 +327,7 @@ "pdu_session": { "id": "100" }, + "received_time": "2021-11-23T00:44:44.000-08:00", "remote_user": { "id": "100", "ip": "81.2.69.192" diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json index f82cb524f93..7663494914a 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json @@ -33,7 +33,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:07.000Z", "duration": 586000000000, "end": "2018-11-30T16:08:50.000Z", "kind": "event", @@ -222,7 +221,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:09.000Z", "duration": 0, "end": "2018-11-30T16:08:55.000Z", "kind": "event", 
@@ -405,7 +403,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:09.000Z", "duration": 1000000000, "end": "2018-11-30T16:08:52.000Z", "kind": "event", @@ -594,7 +591,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:15.000Z", "duration": 0, "end": "2018-11-30T16:09:01.000Z", "kind": "event", @@ -777,7 +773,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:15.000Z", "duration": 0, "end": "2018-11-30T16:07:13.000Z", "kind": "event", @@ -966,7 +961,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:15.000Z", "duration": 85000000000, "end": "2018-11-30T16:08:58.000Z", "kind": "event", @@ -1155,7 +1149,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:21.000Z", "duration": 0, "end": "2018-11-30T16:09:07.000Z", "kind": "event", @@ -1338,7 +1331,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:21.000Z", "duration": 15000000000, "end": "2018-11-30T16:07:19.000Z", "kind": "event", @@ -1527,7 +1519,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:22.000Z", "duration": 0, "end": "2018-11-30T16:08:50.000Z", "kind": "event", @@ -1716,7 +1707,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:23.000Z", "duration": 0, "end": "2018-11-30T16:08:51.000Z", "kind": "event", @@ -1905,7 +1895,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:24.000Z", "duration": 593000000000, "end": "2018-11-30T16:08:52.000Z", "kind": "event", @@ -2094,7 +2083,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:24.000Z", "duration": 0, "end": "2018-11-30T16:08:52.000Z", "kind": "event", @@ -2283,7 +2271,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:24.000Z", "duration": 0, "end": "2018-11-30T16:08:52.000Z", "kind": "event", @@ -2472,7 +2459,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:24.000Z", "duration": 0, "end": "2018-11-30T16:08:52.000Z", "kind": "event", 
@@ -2661,7 +2647,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:24.000Z", "duration": 0, "end": "2018-11-30T16:08:52.000Z", "kind": "event", @@ -2850,7 +2835,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:27.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -3033,7 +3017,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:27.000Z", "duration": 1000000000, "end": "2018-11-30T16:08:55.000Z", "kind": "event", @@ -3222,7 +3205,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:28.000Z", "duration": 17000000000, "end": "2018-11-30T16:09:11.000Z", "kind": "event", @@ -3411,7 +3393,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:28.000Z", "duration": 17000000000, "end": "2018-11-30T16:09:11.000Z", "kind": "event", @@ -3600,7 +3581,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:29.000Z", "duration": 0, "end": "2018-11-30T16:09:15.000Z", "kind": "event", @@ -3783,7 +3763,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:29.000Z", "duration": 116000000000, "end": "2018-11-30T16:09:12.000Z", "kind": "event", @@ -3972,7 +3951,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:29.000Z", "duration": 0, "end": "2018-11-30T16:08:57.000Z", "kind": "event", @@ -4161,7 +4139,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:30.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -4350,7 +4327,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:32.000Z", "duration": 13000000000, "end": "2018-11-30T16:09:25.000Z", "kind": "event", @@ -4539,7 +4515,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:33.000Z", "duration": 0, "end": "2018-11-30T16:09:19.000Z", "kind": "event", @@ -4721,7 +4696,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:34.000Z", "duration": 0, "end": "2018-11-30T16:09:02.000Z", "kind": "event", 
@@ -4906,7 +4880,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:37.000Z", "duration": 15000000000, "end": "2018-11-30T16:07:35.000Z", "kind": "event", @@ -5093,7 +5066,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:38.000Z", "duration": 0, "end": "2018-11-30T16:09:21.000Z", "kind": "event", @@ -5282,7 +5254,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:38.000Z", "duration": 0, "end": "2018-11-30T16:07:36.000Z", "kind": "event", @@ -5471,7 +5442,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:39.000Z", "duration": 0, "end": "2018-11-30T16:09:25.000Z", "kind": "event", @@ -5654,7 +5624,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:39.000Z", "duration": 0, "end": "2018-11-30T16:09:25.000Z", "kind": "event", @@ -5837,7 +5806,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:39.000Z", "duration": 0, "end": "2018-11-30T16:09:22.000Z", "kind": "event", @@ -6026,7 +5994,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:40.000Z", "duration": 0, "end": "2018-11-30T16:09:08.000Z", "kind": "event", @@ -6215,7 +6182,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:40.000Z", "duration": 0, "end": "2018-11-30T16:09:33.000Z", "kind": "event", @@ -6404,7 +6370,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:42.000Z", "duration": 0, "end": "2018-11-30T16:09:25.000Z", "kind": "event", @@ -6593,7 +6558,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:42.000Z", "duration": 4000000000, "end": "2018-11-30T16:09:25.000Z", "kind": "event", @@ -6782,7 +6746,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 0, "end": "2018-11-30T16:09:12.000Z", "kind": "event", @@ -6971,7 +6934,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 0, "end": "2018-11-30T16:09:12.000Z", "kind": "event", 
@@ -7160,7 +7122,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 8000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -7349,7 +7310,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 8000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -7538,7 +7498,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 6000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -7727,7 +7686,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 13000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -7916,7 +7874,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 8000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -8105,7 +8062,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 8000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -8294,7 +8250,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 0, "end": "2018-11-30T16:09:12.000Z", "kind": "event", @@ -8483,7 +8438,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 0, "end": "2018-11-30T16:09:12.000Z", "kind": "event", @@ -8672,7 +8626,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 6000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -8861,7 +8814,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 13000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -9050,7 +9002,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:45.000Z", "duration": 8000000000, "end": "2018-11-30T16:09:27.000Z", "kind": "event", @@ -9239,7 +9190,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:31.000Z", "kind": "event", 
@@ -9418,7 +9368,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -9607,7 +9556,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -9796,7 +9744,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -9985,7 +9932,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -10174,7 +10120,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -10363,7 +10308,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -10552,7 +10496,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -10741,7 +10684,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -10930,7 +10872,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -11119,7 +11060,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -11308,7 +11248,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -11497,7 +11436,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", 
@@ -11686,7 +11624,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:46.000Z", "duration": 0, "end": "2018-11-30T16:09:13.000Z", "kind": "event", @@ -11875,7 +11812,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -12064,7 +12000,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -12253,7 +12188,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -12442,7 +12376,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -12631,7 +12564,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -12820,7 +12752,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -13009,7 +12940,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:29.000Z", "kind": "event", @@ -13198,7 +13128,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 1000000000, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -13387,7 +13316,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", @@ -13576,7 +13504,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 12000000000, "end": "2018-11-30T16:09:29.000Z", "kind": "event", @@ -13765,7 +13692,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:47.000Z", "duration": 0, "end": "2018-11-30T16:09:14.000Z", "kind": "event", 
@@ -13954,7 +13880,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:48.000Z", "duration": 0, "end": "2018-11-30T16:09:15.000Z", "kind": "event", @@ -14143,7 +14068,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:48.000Z", "duration": 0, "end": "2018-11-30T16:09:15.000Z", "kind": "event", @@ -14332,7 +14256,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:48.000Z", "duration": 0, "end": "2018-11-30T16:09:15.000Z", "kind": "event", @@ -14521,7 +14444,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:49.000Z", "duration": 0, "end": "2018-11-30T16:09:16.000Z", "kind": "event", @@ -14709,7 +14631,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:49.000Z", "duration": 0, "end": "2018-11-30T16:09:16.000Z", "kind": "event", @@ -14897,7 +14818,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:49.000Z", "duration": 0, "end": "2018-11-30T16:09:16.000Z", "kind": "event", @@ -15085,7 +15005,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:49.000Z", "duration": 10000000000, "end": "2018-11-30T16:09:31.000Z", "kind": "event", @@ -15273,7 +15192,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:49.000Z", "duration": 0, "end": "2018-11-30T16:09:16.000Z", "kind": "event", @@ -15462,7 +15380,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:49.000Z", "duration": 0, "end": "2018-11-30T16:09:16.000Z", "kind": "event", @@ -15651,7 +15568,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:49.000Z", "duration": 0, "end": "2018-11-30T16:09:16.000Z", "kind": "event", @@ -15840,7 +15756,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 11000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -16029,7 +15944,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 11000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", 
@@ -16218,7 +16132,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 11000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -16407,7 +16320,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 11000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -16596,7 +16508,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 11000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -16785,7 +16696,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 12000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -16974,7 +16884,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 12000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -17163,7 +17072,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 12000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -17352,7 +17260,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:50.000Z", "duration": 12000000000, "end": "2018-11-30T16:09:32.000Z", "kind": "event", @@ -17541,7 +17448,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:51.000Z", "duration": 0, "end": "2018-11-30T16:09:18.000Z", "kind": "event", @@ -17730,7 +17636,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:52.000Z", "duration": 0, "end": "2018-11-30T16:09:37.000Z", "kind": "event", @@ -17913,7 +17818,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:52.000Z", "duration": 0, "end": "2018-11-30T16:09:19.000Z", "kind": "event", @@ -18102,7 +18006,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:52.000Z", "duration": 0, "end": "2018-11-30T16:09:19.000Z", "kind": "event", @@ -18291,7 +18194,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:52.000Z", "duration": 0, "end": "2018-11-30T16:09:19.000Z", "kind": "event", 
@@ -18480,7 +18382,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:52.000Z", "duration": 0, "end": "2018-11-30T16:09:19.000Z", "kind": "event", @@ -18669,7 +18570,6 @@ "category": [ "network" ], - "created": "2018-11-30T16:09:52.000Z", "duration": 0, "end": "2018-11-30T16:09:19.000Z", "kind": "event", @@ -18857,7 +18757,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:36:18.000Z", "duration": 0, "end": "2021-10-26T15:35:42.000Z", "kind": "event", @@ -19034,7 +18933,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:35:43.000Z", "duration": 0, "end": "2021-10-26T15:35:08.000Z", "kind": "event", @@ -19207,7 +19105,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:30:18.000Z", "duration": 0, "end": "2021-10-26T15:29:42.000Z", "kind": "event", @@ -19384,7 +19281,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:29:43.000Z", "duration": 0, "end": "2021-10-26T15:29:07.000Z", "kind": "event", @@ -19561,7 +19457,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:29:13.000Z", "duration": 0, "end": "2021-10-26T15:28:37.000Z", "kind": "event", @@ -19729,7 +19624,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:29:08.000Z", "duration": 0, "end": "2021-10-26T15:28:34.000Z", "kind": "event", @@ -19916,7 +19810,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:28:43.000Z", "duration": 0, "end": "2021-10-26T15:28:07.000Z", "kind": "event", @@ -20094,7 +19987,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:28:38.000Z", "duration": 0, "end": "2021-10-26T15:28:05.000Z", "kind": "event", @@ -20281,7 +20173,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:28:38.000Z", "duration": 0, "end": "2021-10-26T15:28:05.000Z", "kind": "event", @@ -20468,7 +20359,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:28:08.000Z", "duration": 0, "end": "2021-10-26T15:28:05.000Z", "kind": "event", 
@@ -20655,7 +20545,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:28:08.000Z", "duration": 0, "end": "2021-10-26T15:28:05.000Z", "kind": "event", @@ -20841,7 +20730,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:25:23.000Z", "duration": 0, "end": "2021-10-26T15:24:47.000Z", "kind": "event", @@ -21018,7 +20906,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:24:48.000Z", "duration": 0, "end": "2021-10-26T15:24:12.000Z", "kind": "event", @@ -21196,7 +21083,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:24:43.000Z", "duration": 7000000000, "end": "2021-10-26T15:24:08.000Z", "kind": "event", @@ -21383,7 +21269,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:24:13.000Z", "duration": 0, "end": "2021-10-26T15:23:37.000Z", "kind": "event", @@ -21561,7 +21446,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:24:03.000Z", "duration": 0, "end": "2021-10-26T15:24:01.000Z", "kind": "event", @@ -21748,7 +21632,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:23:38.000Z", "duration": 0, "end": "2021-10-26T15:23:06.000Z", "kind": "event", @@ -21921,7 +21804,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:19:43.000Z", "duration": 0, "end": "2021-10-26T15:19:07.000Z", "kind": "event", @@ -22099,7 +21981,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:19:08.000Z", "duration": 7000000000, "end": "2021-10-26T15:18:34.000Z", "kind": "event", @@ -22286,7 +22167,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:19:08.000Z", "duration": 0, "end": "2021-10-26T15:18:32.000Z", "kind": "event", @@ -22463,7 +22343,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:19:03.000Z", "duration": 0, "end": "2021-10-26T15:18:27.000Z", "kind": "event", @@ -22640,7 +22519,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:18:33.000Z", "duration": 0, "end": "2021-10-26T15:17:57.000Z", "kind": "event", 
@@ -22818,7 +22696,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:18:33.000Z", "duration": 0, "end": "2021-10-26T15:18:27.000Z", "kind": "event", @@ -23006,7 +22883,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:18:28.000Z", "duration": 0, "end": "2021-10-26T15:17:53.000Z", "kind": "event", @@ -23192,7 +23068,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:18:18.000Z", "duration": 0, "end": "2021-10-26T15:17:42.000Z", "kind": "event", @@ -23370,7 +23245,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:17:58.000Z", "duration": 7000000000, "end": "2021-10-26T15:17:26.000Z", "kind": "event", @@ -23558,7 +23432,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:17:58.000Z", "duration": 0, "end": "2021-10-26T15:17:53.000Z", "kind": "event", @@ -23744,7 +23617,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:17:43.000Z", "duration": 0, "end": "2021-10-26T15:17:07.000Z", "kind": "event", @@ -23922,7 +23794,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:17:23.000Z", "duration": 0, "end": "2021-10-26T15:17:19.000Z", "kind": "event", @@ -24100,7 +23971,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:17:08.000Z", "duration": 0, "end": "2021-10-26T15:16:35.000Z", "kind": "event", @@ -24287,7 +24157,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:13:23.000Z", "duration": 0, "end": "2021-10-26T15:12:47.000Z", "kind": "event", @@ -24464,7 +24333,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:12:48.000Z", "duration": 0, "end": "2021-10-26T15:12:12.000Z", "kind": "event", @@ -24632,7 +24500,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:12:33.000Z", "duration": 1000000000, "end": "2021-10-26T15:12:00.000Z", "kind": "event", @@ -24819,7 +24686,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:12:13.000Z", "duration": 0, "end": "2021-10-26T15:11:37.000Z", "kind": "event", 
@@ -24987,7 +24853,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:12:03.000Z", "duration": 0, "end": "2021-10-26T15:11:59.000Z", "kind": "event", @@ -25174,7 +25039,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:11:38.000Z", "duration": 0, "end": "2021-10-26T15:11:06.000Z", "kind": "event", @@ -25347,7 +25211,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:11:28.000Z", "duration": 0, "end": "2021-10-26T15:10:52.000Z", "kind": "event", @@ -25525,7 +25388,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:10:53.000Z", "duration": 7000000000, "end": "2021-10-26T15:10:19.000Z", "kind": "event", @@ -25712,7 +25574,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:10:53.000Z", "duration": 0, "end": "2021-10-26T15:10:17.000Z", "kind": "event", @@ -25889,7 +25750,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:10:18.000Z", "duration": 0, "end": "2021-10-26T15:09:42.000Z", "kind": "event", @@ -26067,7 +25927,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:10:18.000Z", "duration": 0, "end": "2021-10-26T15:10:12.000Z", "kind": "event", @@ -26255,7 +26114,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:09:43.000Z", "duration": 7000000000, "end": "2021-10-26T15:09:07.000Z", "kind": "event", @@ -26442,7 +26300,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:09:38.000Z", "duration": 0, "end": "2021-10-26T15:09:02.000Z", "kind": "event", @@ -26620,7 +26477,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:09:03.000Z", "duration": 0, "end": "2021-10-26T15:09:00.000Z", "kind": "event", @@ -26807,7 +26663,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:05:43.000Z", "duration": 0, "end": "2021-10-26T15:05:07.000Z", "kind": "event", @@ -26975,7 +26830,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:05:08.000Z", "duration": 0, "end": "2021-10-26T15:04:32.000Z", "kind": "event", 
@@ -27162,7 +27016,6 @@ "category": [ "network" ], - "created": "2021-10-26T15:00:23.000Z", "duration": 0, "end": "2021-10-26T14:59:47.000Z", "kind": "event", @@ -27339,7 +27192,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:59:48.000Z", "duration": 0, "end": "2021-10-26T14:59:12.000Z", "kind": "event", @@ -27516,7 +27368,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:59:43.000Z", "duration": 0, "end": "2021-10-26T14:59:09.000Z", "kind": "event", @@ -27689,7 +27540,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:59:13.000Z", "duration": 0, "end": "2021-10-26T14:58:37.000Z", "kind": "event", @@ -27866,7 +27716,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:58:43.000Z", "duration": 0, "end": "2021-10-26T14:58:07.000Z", "kind": "event", @@ -28044,7 +27893,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:58:38.000Z", "duration": 0, "end": "2021-10-26T14:58:05.000Z", "kind": "event", @@ -28231,7 +28079,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:58:38.000Z", "duration": 0, "end": "2021-10-26T14:58:05.000Z", "kind": "event", @@ -28417,7 +28264,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:58:18.000Z", "duration": 0, "end": "2021-10-26T14:57:42.000Z", "kind": "event", @@ -28595,7 +28441,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:58:08.000Z", "duration": 0, "end": "2021-10-26T14:58:05.000Z", "kind": "event", @@ -28782,7 +28627,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:58:08.000Z", "duration": 0, "end": "2021-10-26T14:58:05.000Z", "kind": "event", @@ -28968,7 +28812,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:57:48.000Z", "duration": 0, "end": "2021-10-26T14:57:12.000Z", "kind": "event", @@ -29146,7 +28989,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:57:43.000Z", "duration": 0, "end": "2021-10-26T14:57:11.000Z", "kind": "event", 
@@ -29333,7 +29175,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:57:43.000Z", "duration": 0, "end": "2021-10-26T14:57:10.000Z", "kind": "event", @@ -29520,7 +29361,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:57:43.000Z", "duration": 0, "end": "2021-10-26T14:57:08.000Z", "kind": "event", @@ -29707,7 +29547,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:57:18.000Z", "duration": 0, "end": "2021-10-26T14:57:11.000Z", "kind": "event", @@ -29894,7 +29733,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:57:13.000Z", "duration": 0, "end": "2021-10-26T14:57:10.000Z", "kind": "event", @@ -30081,7 +29919,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:57:13.000Z", "duration": 0, "end": "2021-10-26T14:57:08.000Z", "kind": "event", @@ -30267,7 +30104,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:54:48.000Z", "duration": 0, "end": "2021-10-26T14:54:12.000Z", "kind": "event", @@ -30444,7 +30280,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:54:13.000Z", "duration": 0, "end": "2021-10-26T14:53:37.000Z", "kind": "event", @@ -30622,7 +30457,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:53:53.000Z", "duration": 7000000000, "end": "2021-10-26T14:53:19.000Z", "kind": "event", @@ -30809,7 +30643,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:53:38.000Z", "duration": 0, "end": "2021-10-26T14:53:02.000Z", "kind": "event", @@ -30987,7 +30820,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:53:18.000Z", "duration": 0, "end": "2021-10-26T14:53:12.000Z", "kind": "event", @@ -31165,7 +30997,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:53:03.000Z", "duration": 0, "end": "2021-10-26T14:52:31.000Z", "kind": "event", @@ -31352,7 +31183,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:49:27.000Z", "duration": 0, "end": "2021-10-26T14:48:56.000Z", "kind": "event", 
@@ -31530,7 +31360,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:48:57.000Z", "duration": 7000000000, "end": "2021-10-26T14:48:22.000Z", "kind": "event", @@ -31717,7 +31546,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:48:47.000Z", "duration": 0, "end": "2021-10-26T14:48:16.000Z", "kind": "event", @@ -31895,7 +31723,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:48:17.000Z", "duration": 0, "end": "2021-10-26T14:48:15.000Z", "kind": "event", @@ -32082,7 +31909,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:48:12.000Z", "duration": 0, "end": "2021-10-26T14:47:41.000Z", "kind": "event", @@ -32259,7 +32085,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:47:42.000Z", "duration": 0, "end": "2021-10-26T14:47:07.000Z", "kind": "event", @@ -32432,7 +32257,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:39:27.000Z", "duration": 0, "end": "2021-10-26T14:38:51.000Z", "kind": "event", @@ -32610,7 +32434,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:38:52.000Z", "duration": 7000000000, "end": "2021-10-26T14:38:19.000Z", "kind": "event", @@ -32797,7 +32620,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:38:52.000Z", "duration": 0, "end": "2021-10-26T14:38:16.000Z", "kind": "event", @@ -32975,7 +32797,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:38:17.000Z", "duration": 0, "end": "2021-10-26T14:38:12.000Z", "kind": "event", @@ -33162,7 +32983,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:37:17.000Z", "duration": 0, "end": "2021-10-26T14:36:41.000Z", "kind": "event", @@ -33339,7 +33159,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:36:42.000Z", "duration": 0, "end": "2021-10-26T14:36:06.000Z", "kind": "event", @@ -33516,7 +33335,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:36:12.000Z", "duration": 0, "end": "2021-10-26T14:35:36.000Z", "kind": "event", 
@@ -33694,7 +33512,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:36:07.000Z", "duration": 0, "end": "2021-10-26T14:35:35.000Z", "kind": "event", @@ -33881,7 +33698,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:36:07.000Z", "duration": 0, "end": "2021-10-26T14:35:33.000Z", "kind": "event", @@ -34068,7 +33884,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:36:07.000Z", "duration": 0, "end": "2021-10-26T14:35:31.000Z", "kind": "event", @@ -34254,7 +34069,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:35:42.000Z", "duration": 0, "end": "2021-10-26T14:35:06.000Z", "kind": "event", @@ -34428,7 +34242,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:35:37.000Z", "duration": 0, "end": "2021-10-26T14:35:35.000Z", "kind": "event", @@ -34615,7 +34428,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:35:37.000Z", "duration": 0, "end": "2021-10-26T14:35:33.000Z", "kind": "event", @@ -34802,7 +34614,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:35:37.000Z", "duration": 0, "end": "2021-10-26T14:35:31.000Z", "kind": "event", @@ -34988,7 +34799,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:33:17.000Z", "duration": 0, "end": "2021-10-26T14:32:41.000Z", "kind": "event", @@ -35165,7 +34975,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:32:42.000Z", "duration": 0, "end": "2021-10-26T14:32:06.000Z", "kind": "event", @@ -35342,7 +35151,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:32:37.000Z", "duration": 0, "end": "2021-10-26T14:32:01.000Z", "kind": "event", @@ -35520,7 +35328,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:32:07.000Z", "duration": 0, "end": "2021-10-26T14:31:31.000Z", "kind": "event", @@ -35707,7 +35514,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:32:07.000Z", "duration": 0, "end": "2021-10-26T14:31:31.000Z", "kind": "event", 
@@ -35893,7 +35699,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:32:07.000Z", "duration": 0, "end": "2021-10-26T14:31:31.000Z", "kind": "event", @@ -36070,7 +35875,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:32:02.000Z", "duration": 0, "end": "2021-10-26T14:31:26.000Z", "kind": "event", @@ -36247,7 +36051,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:31:37.000Z", "duration": 0, "end": "2021-10-26T14:31:01.000Z", "kind": "event", @@ -36425,7 +36228,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:31:32.000Z", "duration": 0, "end": "2021-10-26T14:31:31.000Z", "kind": "event", @@ -36612,7 +36414,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:31:32.000Z", "duration": 0, "end": "2021-10-26T14:31:31.000Z", "kind": "event", @@ -36799,7 +36600,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:31:32.000Z", "duration": 0, "end": "2021-10-26T14:31:31.000Z", "kind": "event", @@ -36998,7 +36798,6 @@ "category": [ "network" ], - "created": "2021-10-26T14:31:32.000Z", "duration": 0, "end": "2021-10-26T14:31:31.000Z", "kind": "event", @@ -37186,7 +36985,6 @@ "category": [ "network" ], - "created": "2023-10-04T09:50:23.000Z", "duration": 0, "end": "2023-10-04T09:50:19.000Z", "kind": "event", @@ -37365,7 +37163,6 @@ "category": [ "network" ], - "created": "2023-10-04T09:50:23.000Z", "duration": 0, "end": "2023-10-04T09:50:18.000Z", "kind": "event", @@ -37563,7 +37360,6 @@ "category": [ "network" ], - "created": "2023-10-04T09:50:23.000Z", "duration": 0, "end": "2023-10-04T09:50:18.000Z", "kind": "event", @@ -37760,7 +37556,6 @@ "category": [ "network" ], - "created": "2024-06-14T14:30:18.000Z", "duration": 240000000000, "end": "2024-06-14T14:29:58.000Z", "kind": "event", @@ -37971,7 +37766,6 @@ "category": [ "network" ], - "created": "2024-06-14T14:30:18.000Z", "duration": 240000000000, "end": "2024-06-14T14:29:58.000Z", "kind": "event", 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json index f8c9be8f87c..cbaf8e28bf5 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json @@ -36,7 +36,6 @@ "category": [ "network" ], - "created": "2021-11-23T00:44:44.000Z", "duration": 1234567890000000000, "end": "2061-01-06T08:16:14.930Z", "kind": "event", @@ -111,6 +110,7 @@ }, "endreason": "end", "flow_id": "id", + "generated_time": "2021-11-23T00:44:44.000Z", "high_resolution_timestamp": "2021-11-23T08:44:44.930Z", "imei": "imei", "imsi": "imsi", @@ -131,6 +131,7 @@ "pdu_session": { "id": "100" }, + "received_time": "2021-11-23T00:44:44.000Z", "remote_user": { "id": "100", "ip": "81.2.69.192" diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json index 597614c2b21..cbeacc93586 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json @@ -14,7 +14,6 @@ "iam" ], "code": "0", - "created": "2021-03-24T11:00:49.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/24 11:00:49,013101001305,USERID,login,2305,2021/03/24 11:00:49,vsys1,81.2.69.193,domain\\name,,0,1,10800,0,0,,,1252774,0x0,0,0,0,0,,FW01,1,,2021/03/24 11:00:49,1,0x80000000,name" }, 
@@ -122,7 +121,6 @@ "iam" ], "code": "0", - "created": "2021-03-24T10:59:45.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/03/24 10:59:45,013101001305,USERID,logout,2305,2021/03/24 10:59:45,vsys1,10.55.18.7,domain\\name,,0,1,0,0,0,,,1252765,0x0,0,0,0,0,,FW01,1,,2021/03/24 10:59:45,1,0x80000000,name" }, @@ -218,7 +216,6 @@ "iam" ], "code": "0", - "created": "2013-03-28T12:53:05.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.128.92,plano2008r2\\administrator,test,0,1,2700,0,0,active-directory,unknown,1,0x0" }, @@ -301,7 +298,6 @@ "iam" ], "code": "0", - "created": "2013-03-28T12:53:05.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.128.92,plano2008r2\\administrator,test,0,1,2700,0,0,active-directory,unknown,2,0x0" }, @@ -384,7 +380,6 @@ "iam" ], "code": "0", - "created": "2013-03-28T12:53:05.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.128.92,plano2008r2\\administrator,test,0,1,2700,0,0,active-directory,unknown,3,0x0" }, @@ -467,7 +462,6 @@ "iam" ], "code": "0", - "created": "2013-03-28T12:53:05.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.128.92,plano2008r2\\administrator,test,0,1,2700,0,0,active-directory,unknown,4,0x0" }, @@ -550,7 +544,6 @@ "iam" ], "code": "0", - "created": "2021-04-05T14:52:16.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/05 14:52:16,,USERID,login,2305,2021/04/05 14:52:16,vsys1,10.68.2.9,domain\\admin,,0,1,10800,0,0,vpn-client,globalprotect,1277996,0x0,0,0,0,0,,CORE-FW,1,,2021/04/05 14:52:16,1,0x80000000,admin" }, 
@@ -646,7 +639,6 @@ "iam" ], "code": "0", - "created": "2021-04-05T14:52:33.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/05 14:52:33,,USERID,logout,2305,2021/04/05 14:52:33,vsys1,10.68.2.9,domain\\admin,,0,1,0,0,0,vpn-client,globalprotect,1277997,0x0,0,0,0,0,,CORE-FW,1,,2021/04/05 14:52:34,1,0x80000000,admin" }, @@ -742,7 +734,6 @@ "iam" ], "code": "0", - "created": "2021-04-05T14:53:10.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/05 14:53:10,,USERID,login,2305,2021/04/05 14:53:10,vsys1,10.68.2.9,subdomain\\admin,,0,1,10800,0,0,vpn-client,globalprotect,1277998,0x0,0,0,0,0,,CORE-FW,1,,2021/04/05 14:53:11,1,0x80000000,admin" }, @@ -838,7 +829,6 @@ "iam" ], "code": "0", - "created": "2021-04-05T14:53:31.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/05 14:53:31,,USERID,login,2305,2021/04/05 14:53:31,vsys1,10.68.2.9,admin,,0,1,10800,0,0,vpn-client,globalprotect,1277999,0x0,0,0,0,0,,CORE-FW,1,,2021/04/05 14:53:31,1,0x80000000,admin" }, @@ -932,7 +922,6 @@ "iam" ], "code": "0", - "created": "2021-04-05T14:53:31.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/05 14:53:31,,USERID,login,2305,2021/04/05 14:53:31,vsys1,10.68.2.9,user,,0,1,10800,0,0,vpn-client,globalprotect,1278000,0x0,0,0,0,0,,CORE-FW,1,,2021/04/05 14:53:31,1,0x80000000,user" }, @@ -1026,7 +1015,6 @@ "iam" ], "code": "0", - "created": "2021-04-05T14:53:49.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/05 14:53:49,,USERID,login,2305,2021/04/05 14:53:49,vsys1,10.68.2.9,admin,,0,1,10800,0,0,vpn-client,globalprotect,1278001,0x0,0,0,0,0,,CORE-FW,1,,2021/04/05 14:53:49,1,0x80000000,admin" }, @@ -1120,7 +1108,6 @@ "iam" ], "code": "0", - "created": "2021-04-05T14:53:52.000Z", "kind": "event", "original": "Nov 30 16:09:08 1,2021/04/05 14:53:52,,USERID,logout,2305,2021/04/05 14:53:52,vsys1,10.68.2.9,domain\\admin,,0,1,0,0,0,vpn-client,globalprotect,1278002,0x0,0,0,0,0,,CORE-FW,1,,2021/04/05 14:53:52,1,0x80000000,admin" }, 
@@ -1216,7 +1203,6 @@ "iam" ], "code": "0", - "created": "2023-05-10T11:17:00.000Z", "kind": "event", "original": "1,2023/05/10 11:17:00,304565467,USERID,login,2561,2023/05/10 11:17:00,vsys1,10.9.3.250,YA072Z$@VIERWERK.NET,zwei.vierwerk.net,0,1,2700,0,0,active-directory,,4325687342567,0x0,0,0,0,0,,P250D-01,0,,2023/05/10 11:16:51,1,0x0,YA072Z$@VIERWERK.NET,,2023-05-10T11:17:01.416-04:00" }, @@ -1313,7 +1299,6 @@ "iam" ], "code": "0", - "created": "2023-05-10T11:17:00.000Z", "kind": "event", "original": "1,2023/05/10 11:17:00,304565467,USERID,login,2561,2023/05/10 11:17:00,vsys1,10.9.3.250,somedomain\\professor john$,zwei.vierwerk.net,0,1,2700,0,0,active-directory,,4325687342567,0x0,0,0,0,0,,P250D-01,0,,2023/05/10 11:16:51,1,0x0,YA072Z$@VIERWERK.NET,,2023-05-10T11:17:01.416-04:00" }, @@ -1410,7 +1395,6 @@ "iam" ], "code": "0", - "created": "2023-05-10T11:17:00.000Z", "kind": "event", "original": "1,2023/05/10 11:17:00,304565467,USERID,login,2561,2023/05/10 11:17:00,vsys1,10.9.3.250,professor john$@somedomain,zwei.vierwerk.net,0,1,2700,0,0,active-directory,,4325687342567,0x0,0,0,0,0,,P250D-01,0,,2023/05/10 11:16:51,1,0x0,YA072Z$@VIERWERK.NET,,2023-05-10T11:17:01.416-04:00" }, @@ -1507,7 +1491,6 @@ "iam" ], "code": "0", - "created": "2023-05-10T11:17:00.000Z", "kind": "event", "original": "1,2023/05/10 11:17:00,304565467,USERID,login,2561,2023/05/10 11:17:00,vsys1,10.9.3.250,first.o'last@somedomain,zwei.vierwerk.net,0,1,2700,0,0,active-directory,,4325687342567,0x0,0,0,0,0,,P250D-01,0,,2023/05/10 11:16:51,1,0x0,YA072Z$@VIERWERK.NET,,2023-05-10T11:17:01.416-04:00" }, diff --git a/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs b/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs index 8f7be5b0741..6a3e6e9c789 100644 --- a/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs +++ b/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs 
@@ -34,6 +34,10 @@ fields:
 {{/if}}
 processors:
 - add_locale: ~
+- copy_fields:
+ fields:
+ - from: '@timestamp'
+ to: event.created
 {{#if processors}}
 {{processors}}
 {{/if}}
diff --git a/packages/panw/data_stream/panos/agent/stream/tcp.yml.hbs b/packages/panw/data_stream/panos/agent/stream/tcp.yml.hbs
index 9d554cc974c..d68e5e91010 100644
--- a/packages/panw/data_stream/panos/agent/stream/tcp.yml.hbs
+++ b/packages/panw/data_stream/panos/agent/stream/tcp.yml.hbs
@@ -17,9 +17,11 @@ ssl: {{ssl}}
 {{/if}}
 processors:
 - add_locale: ~
-{{#if preserve_original_event}}
 - copy_fields:
 fields:
+ - from: '@timestamp'
+ to: event.created
+{{#if preserve_original_event}}
 - from: message
 to: event.original
 {{/if}}
diff --git a/packages/panw/data_stream/panos/agent/stream/udp.yml.hbs b/packages/panw/data_stream/panos/agent/stream/udp.yml.hbs
index 6f734dcc092..9a6fb1b2e13 100644
--- a/packages/panw/data_stream/panos/agent/stream/udp.yml.hbs
+++ b/packages/panw/data_stream/panos/agent/stream/udp.yml.hbs
@@ -14,9 +14,11 @@ publisher_pipeline.disable_host: true
 {{/contains}}
 processors:
 - add_locale: ~
-{{#if preserve_original_event}}
 - copy_fields:
 fields:
+ - from: '@timestamp'
+ to: event.created
+{{#if preserve_original_event}}
 - from: message
 to: event.original
 {{/if}}
diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/audit.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/audit.yml
index 4bfe8325437..e84196821f8 100644
--- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/audit.yml
+++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/audit.yml
@@ -24,13 +24,6 @@ processors:
 - configuration
 # Set custom fields to ECS fields
- - date:
- if: ctx._temp_?.syslog_time != null
- field: _temp_.syslog_time
- target_field: event.created
- formats:
- - MMM d HH:mm:ss
- - MMM dd HH:mm:ss
 - set:
 field: observer.hostname
 copy_from: panw.panos.device_name
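Review bot: The `copy_fields` block added to logfile.yml.hbs (and identically to tcp.yml.hbs and udp.yml.hbs in this same section) carries no comment explaining why the agent rather than the ingest pipeline populates event.created, and nothing in the template makes that obvious to the next maintainer. Suggest placing above `- copy_fields:` the line `# event.created (ECS): the time the agent first saw the event. Copied here because the ingest pipeline later overwrites @timestamp with the firewall's own timestamps.` Per the Beats documentation copy_fields does not overwrite an existing target field, so this also relies on event.created never being present on the raw event, which holds for these inputs but is worth recording in the same comment. In logfile.yml.hbs the block runs before the user-supplied `{{processors}}`, so a custom processor that touches event.created runs after it, not before.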
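Review bot: With the `_temp_.syslog_time` date processor removed here, and the event.created handling in default.yml (the hunk at -159) also gone, this diff leaves no visible processor that sets event.created, so an event that reaches the pipeline without the updated agent templates (Logstash, a reindex, `_bulk` with the pipeline parameter, or the pipeline tests, whose expected fixtures in this diff simply lose the field) ends up with no event.created at all. ECS permits the ingest time as the fallback, so a guarded set near the end of default.yml keeps the field populated on every path: `- set: { field: event.created, copy_from: _ingest.timestamp, if: 'ctx.event?.created == null' }`. If the pipeline already does this somewhere outside this view, disregard; the processors list of audit.yml continues outside the hunk.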
diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
index d3fd07fc1da..e616e968152 100644
--- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
@@ -29,7 +29,7 @@ processors:
 - grok:
 field: _temp_.message
 patterns:
- - "^%{DATA},%{TIMESTAMP:event.created},%{FIELD:observer.serial_number},%{FIELD:panw.panos.type},(?:%{FIELD:panw.panos.sub_type})?,%{FIELD:_temp_.config_version},%{TIMESTAMP:_temp_.generated_time},%{GREEDYDATA:message}$"
+ - "^%{DATA},%{TIMESTAMP:_temp_.received_time},%{FIELD:observer.serial_number},%{FIELD:panw.panos.type},(?:%{FIELD:panw.panos.sub_type})?,%{FIELD:_temp_.config_version},%{TIMESTAMP:_temp_.generated_time},%{GREEDYDATA:message}$"
 - "^%{SYSLOGTIMESTAMP:_temp_.syslog_time} %{IPORHOST:observer.hostname} %{NOTSPACE:observer.serial_number},%{PANW_DATE:_temp_.generated_time},%{FIELD:panw.panos.type},%{GREEDYDATA:message}$"
 pattern_definitions:
 TIMESTAMP: "%{PANW_DATE}|%{TIMESTAMP_ISO8601}"
@@ -103,7 +103,6 @@ processors:
 ignore_failure: true
 # Extract user domain from source and destination user
-
 - grok:
 field: _temp_.srcuser
 tag: process_srcuser
@@ -148,10 +147,11 @@ processors:
 copy_from: source.user
 if: ctx.source?.user != null
-# Set @timestamp to the time when the entry was generated at the data plane.
+# Set 'panw.panos.generated_time' to the time when the entry was generated at the data plane.
 - date:
 if: ctx.event?.timezone == null
 field: '_temp_.generated_time'
+ target_field: 'panw.panos.generated_time'
 formats:
 - 'yyyy/MM/dd HH:mm:ss'
 - 'strict_date_optional_time_nanos'
@@ -159,38 +159,31 @@ processors:
 - date:
 if: ctx.event?.timezone != null
 field: _temp_.generated_time
+ target_field: 'panw.panos.generated_time'
 formats:
 - 'yyyy/MM/dd HH:mm:ss'
 - 'strict_date_optional_time_nanos'
 timezone: '{{{ event.timezone }}}'
 on_failure: [{'append': {'field': 'error.message', 'value': '{{{ _ingest.on_failure_message }}}'}}]
- - set:
- field: panw.panos.generated_time
- copy_from: '@timestamp'
- ignore_failure: true
-# event.created is the time the event was received at the management plane.
+# 'panw.panos.received_time' is the time the event was received at the management plane.
 - date:
- if: ctx.event?.timezone == null && ctx.event.created != null
- field: 'event.created'
- target_field: 'event.created'
+ if: ctx.event?.timezone == null && ctx._temp_?.received_time != null
+ field: '_temp_.received_time'
+ target_field: 'panw.panos.received_time'
 formats:
 - 'yyyy/MM/dd HH:mm:ss'
 - 'strict_date_optional_time_nanos'
 on_failure: [{'append': {'field': 'error.message', 'value': '{{{ _ingest.on_failure_message }}}'}}]
 - date:
- if: ctx.event?.timezone != null && ctx.event.created != null
- field: event.created
- target_field: event.created
+ if: ctx.event?.timezone != null && ctx._temp_?.received_time != null
+ field: '_temp_.received_time'
+ target_field: 'panw.panos.received_time'
 formats:
 - 'yyyy/MM/dd HH:mm:ss'
 - 'strict_date_optional_time_nanos'
 timezone: '{{{ event.timezone }}}'
 on_failure: [{'append': {'field': 'error.message', 'value': '{{{ _ingest.on_failure_message }}}'}}]
- - set:
- field: panw.panos.received_time
- copy_from: event.created
- ignore_failure: true
 # convert date fields as the output of the CSV processor is always a string.
 - date:
@@ -264,6 +257,14 @@ processors:
 field: '@timestamp'
 copy_from: panw.panos.high_resolution_timestamp
 ignore_empty_value: true
+
+ # set '@timestamp' to received_time if it wasn't set by high_resolution_timestamp
+ - set:
+ tag: received_time_to_timestamp
+ field: '@timestamp'
+ copy_from: panw.panos.received_time
+ if: ctx.panw?.panos?.high_resolution_timestamp == null && ctx.panw?.panos?.received_time != null
+
 - date:
 if: ctx.event?.timezone == null && ctx.event.start != null
 field: event.start
@@ -1623,7 +1624,6 @@ processors:
 - panw.panos.event.status
 - panw.panos.file.type
 - panw.panos.forwarded_ip
- - panw.panos.generated_time
 - panw.panos.host.id
 - panw.panos.host.ip
 - panw.panos.http_method
@@ -1648,7 +1648,6 @@ processors:
 - panw.panos.protocol
 - panw.panos.public.ip
 - panw.panos.public.ipv6
- - panw.panos.received_time
 - panw.panos.recipient
 - panw.panos.referrer
 - panw.panos.rule_uuid
diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/userid.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/userid.yml
index 39cb2ab0351..a707bd902c2 100644
--- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/userid.yml
+++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/userid.yml
@@ -52,10 +52,6 @@ processors:
 field: event.code
 copy_from: panw.panos.event.id
 ignore_failure: true
- - set:
- field: panw.panos.received_time
- copy_from: event.created
- ignore_failure: true
 - set:
 field: observer.hostname
 copy_from: panw.panos.device_name
diff --git a/packages/panw/data_stream/panos/sample_event.json b/packages/panw/data_stream/panos/sample_event.json
index 8e0fe3af61b..fe614f7c9ce 100644
--- a/packages/panw/data_stream/panos/sample_event.json
+++ b/packages/panw/data_stream/panos/sample_event.json
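Review bot: The new `received_time_to_timestamp` set falls back only to panw.panos.received_time, but the second grok pattern earlier in this file (the syslog-header form starting `%{SYSLOGTIMESTAMP:_temp_.syslog_time}`) captures no received time, so for that format both the high-resolution and the received-time fallbacks are null and `@timestamp` keeps whatever value the event arrived with; before this change the generated-time date processor, which now writes panw.panos.generated_time instead, put the firewall's time on `@timestamp`. Unless a processor outside this view fills received_time for that format, a third guarded set falling back to panw.panos.generated_time preserves the firewall's own time on `@timestamp` for those logs, which matters for any detection or timeline logic that sorts on it. The processors list continues outside the hunk.
```yaml
      # … unchanged: received_time_to_timestamp set …

  # syslog-header logs carry no received time: fall back to the data-plane generated time
  - set:
      tag: generated_time_to_timestamp
      field: '@timestamp'
      copy_from: panw.panos.generated_time
      if: ctx.panw?.panos?.high_resolution_timestamp == null && ctx.panw?.panos?.received_time == null && ctx.panw?.panos?.generated_time != null
```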
@@ -1,15 +1,15 @@ { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "agent": { - "ephemeral_id": "be1891e7-30b4-4f85-b31e-e719ee92c1ea", - "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", + "ephemeral_id": "df9cb56b-dbbb-4b0c-919d-cfab75836e80", + "id": "01cab955-0bdd-4b67-97d1-743fd31e19ea", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.12.1" + "version": "8.14.1" }, "data_stream": { "dataset": "panw.panos", - "namespace": "ep", + "namespace": "65288", "type": "logs" }, "destination": { @@ -34,9 +34,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", + "id": "01cab955-0bdd-4b67-97d1-743fd31e19ea", "snapshot": false, - "version": "8.12.1" + "version": "8.14.1" }, "event": { "action": "url_filtering", @@ -46,9 +46,9 @@ "threat", "network" ], - "created": "2012-10-30T09:46:12.000Z", + "created": "2024-08-15T19:31:00.703Z", "dataset": "panw.panos", - "ingested": "2024-03-11T17:57:37Z", + "ingested": "2024-08-15T19:31:10Z", "kind": "alert", "original": "<14>Nov 30 16:09:08 PA-220 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,\"lorexx.cn/loader.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -68,7 +68,7 @@ "log": { "level": "informational", "source": { - "address": "172.18.0.4:53212" + "address": "172.19.0.4:52222" }, "syslog": { "facility": { 
@@ -114,9 +114,11 @@ "action": "alert", "action_flags": "0x0", "flow_id": "25149", + "generated_time": "2012-04-10T04:39:56.000Z", "http_content_type": "text/html", "log_profile": "forwardAll", "logged_time": "2012-04-10T04:39:58.000Z", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", diff --git a/packages/panw/docs/README.md b/packages/panw/docs/README.md index 8b20b92104e..f843a165ddf 100644 --- a/packages/panw/docs/README.md +++ b/packages/panw/docs/README.md @@ -38,17 +38,17 @@ An example event for `panos` looks as following: ```json { - "@timestamp": "2012-04-10T04:39:56.000Z", + "@timestamp": "2012-10-30T09:46:12.000Z", "agent": { - "ephemeral_id": "be1891e7-30b4-4f85-b31e-e719ee92c1ea", - "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", + "ephemeral_id": "df9cb56b-dbbb-4b0c-919d-cfab75836e80", + "id": "01cab955-0bdd-4b67-97d1-743fd31e19ea", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.12.1" + "version": "8.14.1" }, "data_stream": { "dataset": "panw.panos", - "namespace": "ep", + "namespace": "65288", "type": "logs" }, "destination": { @@ -73,9 +73,9 @@ An example event for `panos` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", + "id": "01cab955-0bdd-4b67-97d1-743fd31e19ea", "snapshot": false, - "version": "8.12.1" + "version": "8.14.1" }, "event": { "action": "url_filtering", 
@@ -85,9 +85,9 @@ An example event for `panos` looks as following: "threat", "network" ], - "created": "2012-10-30T09:46:12.000Z", + "created": "2024-08-15T19:31:00.703Z", "dataset": "panw.panos", - "ingested": "2024-03-11T17:57:37Z", + "ingested": "2024-08-15T19:31:10Z", "kind": "alert", "original": "<14>Nov 30 16:09:08 PA-220 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,\"lorexx.cn/loader.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -107,7 +107,7 @@ An example event for `panos` looks as following: "log": { "level": "informational", "source": { - "address": "172.18.0.4:53212" + "address": "172.19.0.4:52222" }, "syslog": { "facility": { @@ -153,9 +153,11 @@ An example event for `panos` looks as following: "action": "alert", "action_flags": "0x0", "flow_id": "25149", + "generated_time": "2012-04-10T04:39:56.000Z", "http_content_type": "text/html", "log_profile": "forwardAll", "logged_time": "2012-04-10T04:39:58.000Z", + "received_time": "2012-10-30T09:46:12.000Z", "repeat_count": 1, "ruleset": "rule1", "sequence_number": "0", diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index bd9c7b6a6ff..cf85a2917c2 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml @@ -1,6 +1,6 @@ name: panw title: Palo Alto Next-Gen Firewall -version: "3.26.4" +version: "4.0.0" description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent. type: integration format_version: "3.0.3"